A couple more folks tested and we have come to the conclusion that if you had applied the patches on http://www.suse.com/en/support/download/updates/72_i386.html you would get some error like: "[error] [client xxx.xxx.xxx.xxx] Invalid URI in request POST index.php HTTP/1.0" but if you didn't patch it, you would get the Seg Fault error. I turned file_uploads = Off to On and rcapache restart and tested and it didn't make any difference. So I was wrong on that. Hope this explains. I plan to leave file_uploads = Off, and I'd suggest other folks make sure it's patched up. thanks. On Wednesday 06 March 2002 03:14, you wrote:
Greetings,
I just had someone test this in IRC and it crashed his apache. However, I have file_uploads = Off in my /etc/php.ini so, I think this may be why.
thanks for the help .
On Wednesday 06 March 2002 02:19, you wrote:
Yuppa,
phil wrote:
Greetings,
I was testing out the source code on http://online.securityfocus.com/archive/82/259542
this version of the exploit contains an error, the author has posted a corrected version in his next post:
http://online.securityfocus.com/cgi-bin/archive.pl?id=82&start=2002-03-03 &e nd=2002-03-09&mid=259574&threads=0
This is an exploit for the vulns in php4.0.6 et al, published a few days ago. Looks nice... :)
I will also give it a try and re-post.
Boris Lorenz
---
-- Linux 2.4.7-4GB #1 Thu Oct 25 17:53:12 GMT 2001 i586