Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
PHP 5.4 Remote Exploit PoC in the wild
Published: 2012-05-19,
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port.
Since there is no patch available for this vulnerability yet, you might want to do the following:
- Block any file upload function in your php applications to avoid risks of exploit code execution.
- Use your IPS to filter known shellcodes like the ones included in metasploit.
- Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month.
- Use your HIPS to block any possible buffer overflow in your system.
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
Keywords:
1 comment(s)
Comments
Please choose a specific diary above to comment
Diary Archives
