NYCPHP Meetup

[nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from SecurityFocus Newsletter # 210

max goldberg max at idsociety.com
Tue Aug 19 15:34:15 EDT 2003


dlopen is a c command used by php for opening a shared object.
similar to the php command dl().

Analysis & Solutions wrote:

> Folks:
> 
> On Mon, Aug 18, 2003 at 05:14:20PM -0400, Hans Zaunere wrote:
> 
>>>PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
>>>http://www.securityfocus.com/bid/8405
>>
>>Hmm... does this strike anyone else as an odd report?
> 
> 
> Yes, I thought so when I first read it, but I didn't feel like bothering 
> with commentary when I posted.
> 
> First, it seemed more like an Apache issue.  Then, why would this one
> function be a problem?  Doesn't everything go into memory?  So, I went to
> php.net/dlopen to research what this function does.  Turns out it's not in
> the manual.  Is this a function that's used by PHP internals or something?
> 
> --Dan
> 




More information about the talk mailing list