
Today's Diary

If you have more information or corrections regarding our diary, please share.


PHP 5.4 Remote Exploit PoC in the wild

Published: 2012-05-19
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)


A remote exploit for PHP 5.4.3 on Windows is circulating in the wild. It takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine has to execute the malicious code, which can carry any shellcode, such as the ones that bind a shell to a port.

Since there is no patch available for this vulnerability yet, you might want to do the following:

  • Block any file upload function in your PHP applications to reduce the risk of exploit code being executed.
  • Use your IPS to filter known shellcode, such as the payloads included in Metasploit.
  • Keep PHP at the current available version, so that you are not exposed to other vulnerabilities such as CVE-2012-2336, registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow on your system.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
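
As an added example (not part of the diary or of PHP itself), the following Python sketch audits a php.ini for the upload setting from the first recommendation and flags PHP source that calls com_print_typeinfo directly. Listing the function in `disable_functions` is an extra hardening step assumed here, not something the diary recommends; the sample php.ini and PHP text are constructed.

```python
import re

# Function named in the diary as the vulnerable entry point.
RISKY_FUNCTION = "com_print_typeinfo"
CALL_RE = re.compile(r"\b" + re.escape(RISKY_FUNCTION) + r"\s*\(", re.IGNORECASE)

WEAK_INI = """\
[PHP]
; constructed sample: uploads on, nothing disabled
file_uploads = On
disable_functions =
"""
HARDENED_INI = """\
[PHP]
; constructed sample: uploads off, function disabled (assumed extra hardening)
file_uploads = Off
disable_functions = "com_print_typeinfo"
"""
SAMPLE_PHP = "<?php\n$o = new COM('Scripting.FileSystemObject');\nCOM_Print_TypeInfo($o);\n"

def parse_php_ini(text):
    """Return php.ini directives as a dict with lowercase keys."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # skip blanks, comments and section headers
        key, sep, value = line.partition("=")
        if sep:
            # Drop a trailing ';' comment and surrounding double quotes.
            value = value.split(";", 1)[0].strip().strip('"')
            settings[key.strip().lower()] = value  # a later line overrides an earlier one
    return settings

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    ini = parse_php_ini(text)
    findings = []
    # PHP's default for file_uploads is on, so a missing directive counts as enabled.
    if ini.get("file_uploads", "1").lower() in ("1", "on", "true", "yes"):
        findings.append("file_uploads is enabled")
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    if RISKY_FUNCTION not in disabled:
        findings.append(f"{RISKY_FUNCTION} is not listed in disable_functions")
    return findings

def find_calls(php_source):
    """Return 1-based line numbers with a direct call (dynamic calls are not caught)."""
    return [n for n, line in enumerate(php_source.splitlines(), 1) if CALL_RE.search(line)]
```

The match is case-insensitive because PHP function names are; calls built from strings at run time will not be found by this check.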
