
Today's Diary

If you have more information or corrections regarding our diary, please share.


PHP 5.4 Remote Exploit PoC in the wild

Published: 2012-05-19
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

1 comment(s)

There is a remote exploit in the wild for PHP 5.4.3 on Windows that takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine needs to execute the malicious code, which can include any shellcode, such as the ones that bind a shell to a port.

Since there is no patch available for this vulnerability yet, you might want to do the following:

  • Block any file upload function in your PHP applications to avoid the risk of exploit code execution.
  • Use your IPS to filter known shellcodes like the ones included in Metasploit.
  • Keep PHP at the current available version, so that you are not a possible target for any other vulnerability, such as CVE-2012-2336, registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow in your system.
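
A defensive check that supports the first recommendation, added here as an example and not part of the original diary: since the PHP engine has to execute code that calls com_print_typeinfo, this Python script scans a web root for files that contain PHP and reference that function, whatever their extension. The function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP function names are case-insensitive, so the patterns are too.
DIRECT_CALL = re.compile(rb"\bcom_print_typeinfo\s*\(", re.IGNORECASE)
# A quoted name can feed a dynamic call such as $f = '...'; $f($x);
QUOTED_NAME = re.compile(rb"['\"]com_print_typeinfo['\"]", re.IGNORECASE)
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def scan_file(path):
    """Return (line_number, kind) findings for one file."""
    try:
        data = path.read_bytes()
    except OSError:
        return []
    # Uploaded code can hide behind any extension, so test content, not the name.
    if not PHP_OPEN_TAG.search(data):
        return []
    findings = []
    for lineno, line in enumerate(data.splitlines(), start=1):
        if DIRECT_CALL.search(line):
            findings.append((lineno, "direct-call"))
        elif QUOTED_NAME.search(line):
            findings.append((lineno, "name-in-string"))
    return findings

def scan_tree(root):
    """Map each file under root that has findings to those findings."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_file(path)
            if hits:
                results[path.relative_to(root).as_posix()] = hits
    return results

def build_sample_tree(root):
    """Write constructed sample files (no exploit content) under root."""
    up = Path(root) / "uploads"
    up.mkdir()
    (Path(root) / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (up / "avatar.jpg").write_text("<?php\n$obj = null;\nCOM_Print_TypeInfo($obj);\n")
    (up / "notes.txt").write_text("com_print_typeinfo( mentioned in plain text\n")
    (up / "x.php").write_text("<?php $f = 'com_print_typeinfo';\n$f($obj);\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_tree(build_sample_tree(tmp)))
```

Any hit inside an upload directory deserves review, because legitimate applications rarely need this COM helper there.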

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

