Threat Level: Infocon green
Internet Storm Center
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.


PHP 5.4 Remote Exploit PoC in the wild

Published: 2012-05-19,
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

1 comment(s)

There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port.

Since there is no patch available for this vulnerability yet, you might want to do the following:

  • Block any file upload function in your php applications to avoid risks of exploit code execution.
  • Use your IPS to filter known shellcodes like the ones included in metasploit.
  • Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow in your system.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Keywords:
1 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2012-05-19 Manuel Humberto Santander Pelaez PHP 5.4 Remote Exploit PoC in the wild
2012-05-18 Johannes Ullrich ZTE Score M Android Phone backdoor
2012-05-17 Adam Swanger ISC Feature of the Week: Tools->Information Gathering
2012-05-17 Johannes Ullrich Do Firewalls make sense?
2012-05-16 Johannes Ullrich Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-05-16 Johannes Ullrich Reserved IP Address Space Reminder
2012-05-15 Dan Goldberg Odd DNS replies from 10 nets and RFC1323 impacting firewalls
2012-05-14 Chris Mohan Laptops at Security Conferences
2012-05-14 Mark Hofman Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7
2012-05-13 Joel Esler Exploit Kits are a mess
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  vulnerability assessmentcva     scam     regripper     rfc1035     net     wicd     incident     adobe reader     ipad     ios 511     windows vista     ntp     adobe     java     android     mcafee     patches     incident handling     vmware     incident management     spam     adobe flash player     isc feature     tools     wardriving     memory corruption     vista     tns listener     hashes     hardening     mac os x     samba     bug fixes     challenge     flashback malware     wireless     exploitmacosxms09027a     cryptography     php     medical malware     packets     sha     fda     open ssid     antivirus malware protection     oracle     adobe acrobat     iphone     javascript     rfc1918     wordpress     bypass     ipod     md5     privilege escalation     flashback trojan     vcenter     zte     flashback     openssl     nat     ms09027     apple     social networking     mozilla     rfc2181     wireshark     firefox     patch     google     logs     devices     helpdesk     backdoor     blackhole     fail     incident handlers     firewall     hp procurve 5400     snow leopard     privacy     incident response team     backtrack 5 r2     flash     microsoft     shellcode     useragent     dns     cve 20122110     laptop     xss     security update     anti virus     windows 8     safari     malware     incident response     security     os x     phpthumb     windows     msft     black tuesday     ddos     patch tuesday     sysinternals     turbo tax  
site/port/ip search:

ISC Polllink arrow

Which security patch delivery schedule do you prefer?

Latest RR Paperslink arrow

Risk Assessment of Social Media

Shedding Light on Security Incidents Using Network Flows

In-house Penetration Testing for PCI DSS

A Regular Expression Search Primer for Forensic Analysts

Diskless Cluster Computing: Security Benefit of oneSIS and Git

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

PHP 5.4 Remote Exploit PoC in the wild - by: Manuel Humberto Santander Pelaez (2012-05-19)

ZTE Score M Android Phone backdoor - by: Johannes Ullrich (2012-05-18)

Do Firewalls make sense? - by: Johannes Ullrich (2012-05-17)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute