[Full-Disclosure] Fw: php-exec-dir vulnerable?

["VeNoMouS" <venom@xxxxxxxxxxx>]

Php-exec-dir been fixed for those who care.

http://kyberdigi.cz/projects/execdir/english.html for those who need english 
heh

Bugs
VeNoMouS reported that you can execute commands out of specified directories 
if you prepend a ';' character to the beginning of the command and try to 
execute it with the backtick operator. In original safe_mode_exec_dir the 
backtick operator is turned off, in this patch it is not. Therefore, all the 
patches listed here were updated with a simple fix that ignores commands to 
be run through the backtick operator contaning this dangerous character. A 
warning will be printed to standard output and command will not be run. You 
are strongly encouraged to download new patch for your version of PHP. The 
patches listed in section download are correct ones, so check the MD5 of the 
patch you have to those in the list. All version from 4.3.2 to 4.3.7 
(inclusive) were vulnerable.

----- Original Message ----- 
From: "C. McCohy" <mccohy@xxxxxxxxxxxx>
To: "VeNoMouS" <venom@xxxxxxxxxxx>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?


> Ok I fixed all patches to all previous and current versions of the patch,
> description can be found on the project homepage
> http://kyberdigi.cz/projects/execdir/
>
> Please inform all internet groups you have informed about the bug before.
>
> --
> Baj ... C. McCohy
>
> While you are reading this text, an essential hacking tool
> is being silently installed on your computer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html