Greetings, I was testing out the source code on http://online.securityfocus.com/archive/82/259542 on my box and I have the following installed (to the best of my knowledge) using rpm -q <target name> mod_php4-core-4.0.6-147 phplib-7.2c-45 phpdoc-4.0.3-38 mod_php4-4.0.6-147 apache-1.3.19-48 And according to " <? phpinfo() ?> " PHP Version 4.0.6 Apache/1.3.19 IP Location used for test: http://192.168.0.2/time.php Hostname: lead.box.yankee (although in THIS test in THIS msg I used IP num) Port: 80 ---- time.php 's source code is ---- <center> <H1> <? echo "Connect!" ?><br> </H1> <? print(date("l dS of F Y h:i:s A")); ?><br><br> <? phpinfo() ?><br> </Center> <HR> ---- time.php 's source code is ---- after compiling apache_php.c and running these commands phil@lead > ./a.out 192.168.0.2 80 /time.php phil@lead > ./a.out 192.168.0.2 80 ./time.php phil@lead > ./a.out 192.168.0.2 80 "/time.php" phil@lead > ./a.out 192.168.0.2 80 "./time.php" phil@lead > ./a.out 192.168.0.2 80 "/time.php/" phil@lead > ./a.out 192.168.0.2 80 "./time.php/" phil@lead > ./a.out 192.168.0.2 80 ./time.php/ I get /var/log/httpd/error_log [Tue Mar 5 17:13:29 2002] [error] [client 192.168.0.2] Invalid URI in request POST ./time.php HTTP/1.0 [Tue Mar 5 17:14:08 2002] [error] [client 192.168.0.2] Invalid URI in request POST ./time.php HTTP/1.0 [Tue Mar 5 17:14:20 2002] [error] [client 192.168.0.2] Invalid URI in request POST ./time.php/ HTTP/1.0 [Tue Mar 5 17:14:25 2002] [error] [client 192.168.0.2] Invalid URI in request POST ./time.php/ HTTP/1.0 I'd also note that with 7 command line attempts above only 4 log entries were written. Three log entries are "missing" ;o) /var/log/httpd/access_log (note: they are now showing) 192.168.0.2 - - [05/Mar/2002:17:13:08 -0800] "POST /time.php HTTP/1.0" 200 7865 192.168.0.2 - - [05/Mar/2002:17:13:29 -0800] "POST ./time.php HTTP/1.0" 400 338 192.168.0.2 - - [05/Mar/2002:17:14:02 -0800] "POST /time.php HTTP/1.0" 200 7865 192.168.0.2 - - [05/Mar/2002:17:14:08 -0800] "POST ./time.php HTTP/1.0" 400 338 192.168.0.2 - - [05/Mar/2002:17:14:16 -0800] "POST /time.php/ HTTP/1.0" 200 7865 192.168.0.2 - - [05/Mar/2002:17:14:20 -0800] "POST ./time.php/ HTTP/1.0" 400 339 192.168.0.2 - - [05/Mar/2002:17:14:25 -0800] "POST ./time.php/ HTTP/1.0" 400 339 I know apache is still up cause I have several exploitable versions of php software (php-nuke, phorum) that I had been testing for exploits. (which I did find.) The question is SuSE immune to this "Proof of Concept Exploit" I have SuSE 7.2 only to test on, the guy that wrote this has, RedHat 7.0 with apache 1.3.22 I don't have any other boxes I can test on except win boxes (which doesn't matter for this particular question) -- Linux 2.4.7-4GB #1 Thu Oct 25 17:53:12 GMT 2001 i586