[26271] in bugtraq


Re: PHP Resource Exhaustion Denial of Service

daemon@ATHENA.MIT.EDU (vjt)
Tue Jul 23 18:00:51 2002

Date: Tue, 23 Jul 2002 22:22:22 +0200
From: vjt <vejeta@azzurra.org>
To: bugtraq@securityfocus.com
Message-ID: <20020723202222.GB781@peika.vejnet.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ"
Content-Disposition: inline
In-Reply-To: <000801c23058$442dc220$e62d1c41@kc.rr.com>

On Sat, Jul 20, 2002 at 08:45:17PM -0500, Matthew Murphy wrote:
> The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on
> configuration) that implements an HTML-embedded script language.  A
> vulnerability in PHP can be used to cause a denial of service in some cases.
[cut]
> Exploit: http://www.murphy.101main.net/php-apache.c
>

this does not apply when the php interpreter is dynamically loaded by
apache using the DSO interface (or whatever dynamic loading interface
of whatever web server). and afaik this is a more common approach when
dealing with unix web servers.

best regards,
    vjt

-- 
pub  1024D/5201DC33 2002-01-24 vjt <vjt@users.sf.net>
Key fingerprint = C80A DC06 E81C 4613 236B  833F C2C6 009F 5201 DC33
http://bahamut-inet6.sourceforge.net/vjt.asc

