Edit report at https://bugs.php.net/bug.php?id=63455&edit=1
ID:                 63455
Updated by:         paj...@php.net
Reported by:        jakub dot galczyk at gmail dot com
Summary:            SIGSEGV
Status:             Open
Type:               Bug
Package:            *Math Functions
Operating System:   Ubuntu
PHP Version:        5.4.8
Block user comment: N
Private report:     N

New Comment:

Increase the stack and the problem should go away.

Actually the reproduce script could be reduced to:

preg_match("/(\n|.)*/i", $res, $match);

with the content of $res and $match being previously set.

Previous Comments:
------------------------------------------------------------------------
[2012-11-07 14:13:15] jakub dot galczyk at gmail dot com

Description:
------------
I was checking one bug in CMS (found by someone else) and accidentally there was a SIGSEGV ;]

Test script:
---------------
Exploit code ('script to test') is here:
http://www.exploit-db.com/exploits/15369/

CMS (I saw that we need to have this CMS in /wwwroot) to test:
http://www.geardownload.com/webdevelopment/auto-cms-download.html

(Below I added a little description grepped from .c file, gdb and valgrind.)

Expected result:
----------------
No sigsegv? ;)
(and shell output from this sploit for autocms written by giudinvx)

Actual result:
--------------
kuba@box:~/src/php-5.4.8$ /usr/local/bin/php -v
PHP 5.4.8 (cli) (built: Nov 7 2012 13:36:10)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
kuba@box:~/src/php-5.4.8$ /usr/local/bin/php ../../public_html/spl.php localhost /
Auto CMS <= 1.8 Remote Code Execution Exploit by giudinvx
ShellCMD WHATEVERGOESHERE:*:*:*
Segmentation fault (core dumped)
kuba@box:~/src/php-5.4.8$
------------------------------------------------------------------------
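
The reduced pattern in the comment above repeats a capturing group once per character, which drives PCRE's recursion depth up with the subject length. Besides enlarging the stack, the depth can be bounded with PHP's `pcre.recursion_limit` setting and the failure detected with `preg_last_error()`. This is an added example, not code from the bug report; `$res`, the limit value and the helper `match_or_report` are assumptions.

```php
<?php
// Added example, not code from the bug report. $res is constructed sample
// input and the limit value is an illustrative assumption.

// Constructed subject: many short lines, large enough to force deep matching.
$res = str_repeat("line of text\n", 20000);

// Bound PCRE's recursion depth so a deep match ends with an error code
// rather than exhausting the C stack of the PHP process.
ini_set('pcre.recursion_limit', '10000');

// Hypothetical helper: runs the match and separates engine errors from "no match".
function match_or_report($pattern, $subject)
{
    $rc = preg_match($pattern, $subject, $match);
    if ($rc === false) {
        // preg_match() returns false on an engine error, which is not the
        // same as 0 (no match). Callers must not conflate the two.
        $code = preg_last_error();
        // Codes other than these two (for example from the JIT on newer
        // PHP builds) are reported by number.
        $name = ($code === PREG_RECURSION_LIMIT_ERROR) ? 'PREG_RECURSION_LIMIT_ERROR'
              : (($code === PREG_BACKTRACK_LIMIT_ERROR) ? 'PREG_BACKTRACK_LIMIT_ERROR'
              : 'error code ' . $code);
        return "failed: $name";
    }
    return $rc === 1 ? 'matched ' . strlen($match[0]) . ' bytes' : 'no match';
}

// Pattern from the comment: one capturing-group iteration per character.
echo match_or_report("/(\n|.)*/i", $res), "\n";

// Same overall match (any character, newline included) without a group
// repeated per character; the s modifier lets "." match "\n".
echo match_or_report('/.*/s', $res), "\n";
```

Code that treats a `false` return as "no match" silently skips whatever validation the pattern was meant to perform, so the strict `=== false` check matters as much as the limit itself.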