
PHP 5.4 Remote Exploit PoC in the wild

Published: 2012-05-19
Last Updated: 2012-05-19 13:46:25 UTC
by Manuel Humberto Santander Pelaez (Version: 1)


There is a remote exploit in the wild for PHP 5.4.3 on Windows that takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine needs to execute the malicious code, which can include any shellcode, such as the ones that bind a shell to a port.

Since there is no patch available for this vulnerability yet, you might want to do the following:

  • Block any file upload function in your PHP applications to avoid the risk of exploit code execution.
  • Use your IPS to filter known shellcodes like the ones included in Metasploit.
  • Keep PHP at the current available version, so you know you are not a possible target for other vulnerabilities such as CVE-2012-2336, registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow in your system.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
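
To help apply the first mitigation above, this added example (not part of the original diary) walks a PHP source tree and reports where uploads are handled and where com_print_typeinfo is called. The names `audit_tree`, `build_sample_tree` and `PATTERNS` are hypothetical, the sample webroot is constructed, and `$_FILES` / `move_uploaded_file` are assumed to be the upload entry points worth flagging.

```python
import re
import tempfile
from pathlib import Path

# PHP function names are case-insensitive, so the patterns ignore case.
# Assumption: $_FILES and move_uploaded_file() mark upload handling code.
PATTERNS = {
    "upload": re.compile(r"\$_FILES\b|\bmove_uploaded_file\s*\(", re.IGNORECASE),
    "com_print_typeinfo": re.compile(r"\bcom_print_typeinfo\s*\(", re.IGNORECASE),
}
PHP_SUFFIXES = {".php", ".phtml", ".inc"}


def audit_tree(root):
    """Return sorted (relative_path, line_number, category) findings under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, pattern in PATTERNS.items():
                if pattern.search(line):
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, lineno, category))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed sample webroot (not from the diary) for the demo."""
    root = Path(root)
    (root / "admin").mkdir(parents=True, exist_ok=True)
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "admin" / "avatar.php").write_text(
        "<?php\n"
        "$tmp = $_FILES['avatar']['tmp_name'];\n"
        "move_uploaded_file($tmp, 'uploads/' . basename($_FILES['avatar']['name']));\n"
    )
    (root / "tools.inc").write_text("<?php\nCOM_Print_TypeInfo ($obj);\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno, category in audit_tree(build_sample_tree(tmp)):
            print(f"{rel}:{lineno}: {category}")
```

This is a line-based text match, so it also reports hits inside comments and misses function names assembled at run time; treat the output as a review list for deciding which upload paths to block.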
