[Full-Disclosure] Fw: php-exec-dir vulnerable?
venom at gen-x.co.nz
Wed Jul 7 23:59:38 BST 2004
Php-exec-dir been fixed for those who care.
http://kyberdigi.cz/projects/execdir/english.html for those who need english
VeNoMouS reported that you can execute commands out of specified directories
if you prepend a ';' character to the beginning of the command and try to
execute it with the backtick operator. In original safe_mode_exec_dir the
backtick operator is turned off, in this patch it is not. Therefore, all the
patches listed here were updated with a simple fix that ignores commands to
be run through the backtick operator contaning this dangerous character. A
warning will be printed to standard output and command will not be run. You
are strongly encouraged to download new patch for your version of PHP. The
patches listed in section download are correct ones, so check the MD5 of the
patch you have to those in the list. All version from 4.3.2 to 4.3.7
(inclusive) were vulnerable.
----- Original Message -----
From: "C. McCohy" <mccohy at kyberdigi.cz>
To: "VeNoMouS" <venom at gen-x.co.nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?
> Ok I fixed all patches to all previous and current versions of the patch,
> description can be found on the project homepage
> Please inform all internet groups you have informed about the bug before.
> Baj ... C. McCohy
> While you are reading this text, an essential hacking tool
> is being silently installed on your computer.
Full-Disclosure is hosted and sponsored by Secunia.