Lucene search

K
packetstormEric RomangPACKETSTORM:40972
HistoryOct 26, 2005 - 12:00 a.m.

php.4.4.1.txt

2005-10-2600:00:00
Eric Romang
packetstormsecurity.com
14
`Hello,  
  
Here under some stuff to dos apache + php just through an htaccess.  
  
* With .htaccess method :  
  
If you have into your php.ini -> safe_mode = On  
  
Simply put a .htaccess file on the root directory of your website  
with this content :  
  
php_value session.save_path /var/www/somewherehowexist  
  
Apache segfault with :  
  
[Fri Sep 30 10:33:11 2005] [notice] child pid 17743 exit signal   
Trace/breakpoint trap (5)  
  
There was a bug in the apache2handler SAPI, sapi_apache2.c file, that   
made this segfault here possible, the bug now is fixed upstream and   
5.1.0 final, 4.4.1 final and the next 5.0.X release will have the patch.  
  
Also work with session.save_path into a VirtualHost.  
  
  
Gentoo bug report :  
  
http://bugs.gentoo.org/show_bug.cgi?id=107602  
and  
http://bugs.gentoo.org/show_bug.cgi?id=98871  
  
Regards.  
`