| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: s.esser at e-matters.de (Stefan Esser) Subject: SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009) On Tue, Feb 18, 2003 at 06:36:26PM +0100, Thomas Biege wrote: > SuSE Security Announcement > > Package: mod_php4 > ... > Vulnerability Type: remote system compromise Hi Thomas, I am a little bit confused about the classification of the wordwrap bug. Since when is a bufferoverflow in a function argument a remote compromise. Especially when it is in a parameter that is feeded with user input only in very very very esoteric scripts. It is a local overflow yes, but it will only overflow if you feed wordwrap with an esoteric line termination string. And to exploit this bug remotely you do not only need a script that feeds your userinput to all of wordwraps parameters but you also need some special formed script so that the heap is perfectly formed for your exploit to work. Just my two cents... Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser s.esser@...atters.de e-matters Security http://security.e-matters.de/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69 -------------------------------------------------------------------------- Did I help you? Consider a gift: http://wishlist.suspekt.org/ --------------------------------------------------------------------------
Powered by blists - more mailing lists