On Thu, Mar 18, 2004 at 10:21:12AM +0200, you [Ville Herva] wrote:
> > > Your research seems good enough to convince me.
> > But I found nothing explicit to suggest php-4.1.2-7.x.6 is vulnerable...

Well, getting off my lazy ass... I ran the bugtraq proof-of-concept-exploits (http://www.securityfocus.com/bid/{7187,7197,7198,7199,7210}/exploit/) for a box that runs php-4.1.2-7.x.6.

Here are the results:

7210: does nothing
7199: no proof-of-concept exploit
7198: crashes httpd ("[notice] child pid 23937 exit signal Segmentation fault (11)")
7197: does nothing ("Warning: socket_recv() expects exactly 2 parameters, 4 given in /data/www/intra/cgi-bin/uggabugga/exploit7197.php on line 3")
7187: crashes httpd ("[notice] child pid 10276 exit signal Segmentation fault (11)")

So it is vulnerable, and likely exploitable, too. As these are local privilege escalations only, I'm not overly worried.

-- v --

v@xxxxxx