[nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from SecurityFocus Newsletter # 210
hans at nyphp.org
Mon Aug 18 17:14:20 EDT 2003
> A PROBLEM IN PHP ITSELF !!!
> PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
> A problem has been reported in the dlopen function of PHP when used with
> the Apache web server. Because of this, an attacker may be able to gain
> unauthorized access to potentially sensitive information.
> The problem is in the ability to access the memory of the calling process.
> When a PHP script is executed by an Apache process, it is possible to
> dump the contents of the Apache process memory to a text file. This could
> be used by an attacker to gain access to potentially sensitive information
> which could include authentication credentials. The function may also
> permit other attacks, such as allowing an attacker to deliver different
> content other than what the server is configured to serve.
Hmm... does this strike anyone else as an odd report? The report must be referring to mod_php and since it's loaded directly into Apache, of course it can read the memory - as can any Apache module... any thoughts from those with more Apache/PHP internal knowledge than I?
Seems like a "duh" report and a false-positive,
More information about the talk