July 15, 2004

Nasty remote hole in PHP

Frank Neugebauer writes "PHP is a widely-used general-purpose scripting language that is especially suited
for Web development and can be embedded into HTML.

According to Security Space PHP is the most popular Apache module and is installed
on about 50% of all Apaches worldwide. This figure includes of course only those
servers that are not configured with expose_php=Off.

During a reaudit of the memory_limit problematic it was discovered that it
is possible for a remote attacker to trigger the memory_limit request termination
in places where an interruption is unsafe. This can be abused to execute arbitrary
code on remote PHP servers."

Link: security.e-matters.de

Click Here!