[PHP-DEV] PHP 4.0 Bug #6642 Updated: Userspace exploit crashes web-serving machine
From: jmoore <email protected>
Date: 12/29/00

ID: 6642
Updated by: jmoore
Reported By: macabre <email protected>
Old-Status: Assigned
Status: Closed
Bug Type: Feature/Change Request
Assigned To:
Comments:

unassigning it

Previous Comments:
---------------------------------------------------------------------------

[2000-12-29 12:30:04] jmoore <email protected>
OK, for me it isn't that bad. Each Apache process dies in turn, but the computer is still 100% usable even with 1000 requests. The usage of Apache grows, then Apache becomes defunct, at which point another process is started.

This is with Apache as mod_php and CGI.

Changing this to a feature change request as you're asking that a script cannot include itself.

James

---------------------------------------------------------------------------

[2000-12-23 21:07:12] jmoore <email protected>
I will test to see if this is the case. If so, I doubt there will be a fix due to speed, but maybe something for a future safe mode improvement.

James

---------------------------------------------------------------------------

[2000-09-09 15:01:25] macabre <email protected>
Using: Apache 1.3.12/PHP4 with MySQL support

I have recently discovered a bug in PHP 4 (but not specifically 4)
which unveils the fact that any user on the system can crash the machine
with a very simple PHP document. They can do this by using the Include()
function to include the same document being loaded, causing a serious recursion problem which will quickly max out CPU and memory usage of the web-serving machine, especially if a phpInfo() call is done before the Include().

I am currently working on a patch for this.

Here is the exploitable code:

index.php:

<html lang="en">
<body>
<?php phpInfo(); /* large output at every nesting level, so memory grows fast */ ?>
<?php Include("./index.php"); /* includes itself: unbounded recursion, one level per include */ ?>
</body>
</html>

---------------------------------------------------------------------------
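The script above nests one level deeper on every include until the PHP process runs out of memory or gets killed; nothing in the script itself ever stops it. The following is an added example (not code from the bug report, and not a PHP project patch) showing the same self-include shape with two in-script guards: include_once, which refuses to load a file already loaded in the current request, and a hypothetical safe_include() wrapper that caps how deep one file may nest. The file name guarded.php, the function name safe_include and the depth limit of 4 are assumptions for the demo.

```php
<?php
// guarded.php: added example, not code from the bug report.
// Run from the CLI (php guarded.php) or request it through the web server.
// The function is declared conditionally because this file includes itself,
// and a second unconditional declaration would be a "cannot redeclare" fatal.
if (!function_exists('safe_include')) {
    // Wraps include and refuses to nest the same file more than $maxDepth
    // levels deep. Depth is tracked per resolved path, per request.
    // The default limit of 4 is an arbitrary demo value.
    function safe_include($path, $maxDepth = 4)
    {
        static $depth = array();

        $real = realpath($path);
        if ($real === false) {
            trigger_error("safe_include: cannot resolve $path", E_USER_WARNING);
            return false;
        }
        if (!isset($depth[$real])) {
            $depth[$real] = 0;
        }
        if ($depth[$real] >= $maxDepth) {
            // Refuse instead of recursing. In the reporter's index.php this
            // is the point where the next nesting level would otherwise begin.
            trigger_error("safe_include: recursion limit ($maxDepth) hit for $real", E_USER_WARNING);
            return false;
        }

        $depth[$real]++;
        $result = include $real;   // a normal include, now bounded by the counter
        $depth[$real]--;
        return $result;
    }
}

// Demo body, same shape as the reporter's index.php.
echo "entering " . basename(__FILE__) . "\n";

// Guard (a): include_once. The running script is already in the included-files
// list, so a literal self-include is a no-op and never nests.
include_once __FILE__;

// Guard (b): plain include through the wrapper. The file nests four times,
// then the fifth attempt stops with a warning instead of exhausting CPU
// and memory.
safe_include(__FILE__);

echo "leaving " . basename(__FILE__) . "\n";
```

Running this prints "entering guarded.php" five times, one warning from the depth guard, then "leaving guarded.php" five times. In-script guards only help for code you control; against a hostile user on a shared host the limits have to come from the server side, namely memory_limit and max_execution_time in php.ini, which bound a single request (note that in PHP 4 memory_limit only exists when PHP was built with --enable-memory-limit), so a runaway include chain dies with a fatal error rather than taking the whole Apache child with it.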

Full Bug description available at: http://bugs.php.net/?id=6642

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>