PHP 5.4 Remote Exploit PoC in the wild

Published: 2012-05-19
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)


A remote exploit for PHP 5.4.3 on Windows is in the wild. It takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine has to execute the malicious code, which can carry any shellcode, such as the ones that bind a shell to a port.

Since there is no patch available for this vulnerability yet, you might want to do the following:

  • Block any file upload function in your PHP applications to avoid the risk of exploit code execution.
  • Use your IPS to filter known shellcodes like the ones included in Metasploit.
  • Keep PHP at the latest available version, so that you know you are not a possible target for other vulnerabilities such as CVE-2012-2336, registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow in your system.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
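
The conditions named in the diary (Windows, PHP 5.4.3, com_print_typeinfo, file uploads) can be checked on a host with a short script. This is an added example, not code from the original diary; the function name `assess_exposure` and the finding strings are hypothetical, and the sample input is constructed.

```php
<?php
// Added example, not from the original diary: reports whether this PHP
// runtime matches the conditions the diary describes.

/**
 * Pure decision function (hypothetical name) so the logic can be exercised
 * with constructed input. Returns a list of findings; an empty list means
 * none of the diary's conditions matched.
 */
function assess_exposure($os, $version, $hasComFunction, $uploadsEnabled)
{
    $findings = array();
    $isWindows = strtoupper(substr($os, 0, 3)) === 'WIN';

    if ($isWindows && $hasComFunction) {
        $findings[] = 'com_print_typeinfo() is callable on a Windows build';
        if (version_compare($version, '5.4.3', '==')) {
            $findings[] = 'PHP ' . $version . ' is the version named in the diary';
        }
    }
    if ($uploadsEnabled) {
        // file_uploads defaults to On when php.ini does not set it.
        $findings[] = 'file_uploads is enabled (set file_uploads = Off in php.ini)';
    }
    return $findings;
}

// Runtime values for the interpreter executing this script.
$findings = assess_exposure(
    PHP_OS,
    PHP_VERSION,
    function_exists('com_print_typeinfo'),
    filter_var(ini_get('file_uploads'), FILTER_VALIDATE_BOOLEAN)
);

// Constructed sample: the configuration the diary warns about.
$sample = assess_exposure('WINNT', '5.4.3', true, true);

echo "This host:\n";
echo $findings ? '  - ' . implode("\n  - ", $findings) . "\n" : "  no findings\n";
echo "Constructed sample (WINNT, 5.4.3, uploads on): " . count($sample) . " findings\n";
```

Run it under the same SAPI that serves the application, since the command-line interpreter may load a different php.ini than the web server does.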
