[unisog] php memory_limit vulnerability.
mwj at doc.ic.ac.uk
Mon Dec 6 16:53:50 GMT 2004
On Mon, 6 Dec 2004, Vijay S Sarvepalli VSSARVEP wrote:
> I have tested the vulnerability
> wget http://www.felinemenace.org/~gyan/phpnolimit.c
> It doesn't seem to work on any of my linux / openbsd systems. It might
> still be tweakable to make the xploit work.
Despite "memory_limit" being set in php.ini, the Zend engine code needed
for the exploit to work is only compiled in if "--enable-memory-limit"
was passed during configure. This is not a default (or even anywhere
near a normal) configuration option.
Matt Johnson <mwj at doc.ic.ac.uk>
Junior Systems Programmer
Computing Support Group
"I was told that a ZIP drive and a floppy drive were both compatible
with my computer. I put a floppy disk in my ZIP drive and it doesn't work!"
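One way to check the build-time condition described in the reply above, as an added example that is not part of the original message: the shell function reads `php -i` text on stdin and reports whether `--enable-memory-limit` appears on the "Configure Command" line. The function name and both sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a PHP build by its configure flags.
# Usage on a real host:  php -i | memlimit_build_status
# Prints one of: compiled-in | not-compiled-in | unknown

memlimit_build_status() {
    # `php -i` prints the build flags on a single line:
    #   Configure Command =>  './configure'  '--flag' ...
    cfg=$(grep -m1 '^Configure Command' || true)
    if [ -z "$cfg" ]; then
        # No configure line in the input, so nothing can be concluded.
        echo unknown
        return 0
    fi
    # If the flag is given more than once, the last occurrence decides.
    flag=$(printf '%s\n' "$cfg" | tr ' ' '\n' \
        | grep -Eo -e '--(enable|disable)-memory-limit' | tail -n 1)
    case "$flag" in
        --enable-memory-limit) echo compiled-in ;;
        *)                     echo not-compiled-in ;;  # absent or disabled
    esac
}

# Constructed sample lines (not captured from any real system).
SAMPLE_WITH="Configure Command =>  './configure'  '--with-apxs=/usr/sbin/apxs' '--enable-memory-limit'"
SAMPLE_WITHOUT="Configure Command =>  './configure'  '--with-apxs=/usr/sbin/apxs' '--with-mysql'"

printf '%s\n' "$SAMPLE_WITH"    | memlimit_build_status
printf '%s\n' "$SAMPLE_WITHOUT" | memlimit_build_status
```

A `memory_limit` line in php.ini does not change the result, since the function looks only at how the binary was configured.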