From:             jakub dot galczyk at gmail dot com
Operating system: Ubuntu
PHP version:      5.4.8
Package:          *Math Functions
Bug Type:         Bug
Bug description:  SIGSEGV

Description:
------------
I was checking one bug in CMS (found by someone else) and accidentally there was a SIGSEGV ;]

Test script:
---------------
Exploit code ('script to test') is here:
http://www.exploit-db.com/exploits/15369/

CMS (I saw that we need to have this CMS in /wwwroot) to test:
http://www.geardownload.com/webdevelopment/auto-cms-download.html

(Below I added a little description grepped from .c file, gdb and valgrind.)

Expected result:
----------------
No sigsegv? ;)
(and shell output from this sploit for autocms written by giudinvx)

Actual result:
--------------
kuba@box:~/src/php-5.4.8$ /usr/local/bin/php -v
PHP 5.4.8 (cli) (built: Nov 7 2012 13:36:10)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
kuba@box:~/src/php-5.4.8$ /usr/local/bin/php ../../public_html/spl.php localhost /
Auto CMS <= 1.8 Remote Code Execution Exploit by giudinvx
ShellCMD WHATEVERGOESHERE:*:*:*
Segmentation fault (core dumped)
kuba@box:~/src/php-5.4.8$

--
Edit bug report at https://bugs.php.net/bug.php?id=63455&edit=1
--