** Keine Antwort erforderlich ** no reply needed **
FYI:
I just received the following information
http://www.heise.de/newsticker/meldung/Ungepatche-Luecke-in-aktueller-PHP-V…
(German)
https://isc.sans.edu/diary.html?storyid=13255
"Clarifications/Updates to the original diary:
- This is NOT remote exploitable. An exploit would require the attacker
to upload PHP code to the server, at which point, the attacker could
just use PHP to run shell commands via "exec".
- only the windows version is vulnerable"
"There is a remote exploit in the wild for PHP 5.4.3 in Windows, which
takes advantage of a vulnerability in the com_print_typeinfo
<http://php.net/manual/en/function.com-print-typeinfo.php> function. The
php engine needs to execute the malicious code, which can include any
shellcode like the the ones that bind a shell to a port."
** Keine Antwort erforderlich ** no reply needed **