Message-ID: <20030327100314.GA18262@php.net>
Date: Thu, 27 Mar 2003 11:03:14 +0100
From: Stefan Esser <s.esser@...atters.de>
To: bugtraq@...urityfocus.com
Subject: RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator



Hello Mr. Mordred (and the rest of the Bugtraq readers),

I happily repeat everything I wrote to you before. Your advisories are
FUD. You release an advisory called: Integer overflow in PHP memory
allocator, rate it as High Risk, but you present the reader with some stupid
crash bug in the socket extension that is marked as experimental and
is not enabled by default. I told you before that the integer overflow
cannot be used to exploit PHP. If you find a single emalloc call
where some user-supplied value is able to allocate a block in the size
of 4 gigabytes (on 32-bit machines), then you have found a vulnerability.
Just stating that there is a possible integer overflow if someone
allocates more than 2^32-7 bytes (2^64-7 bytes) is a joke. A vulnerability
that cannot be exploited may not be rated as: high risk. This can be
compared to calling strcpy a security vulnerability because it can be
used by a stupid PHP core/extension programmer to produce a buffer overflow.

Stefan Esser


-- 

--------------------------------------------------------------------------
 Stefan Esser                                        s.esser@...atters.de
 e-matters Security                         http://security.e-matters.de/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
 Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
 Did I help you? Consider a gift:            http://wishlist.suspekt.org/
--------------------------------------------------------------------------
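
Added example, not part of the original message and not PHP's own code: a sketch of the size arithmetic under discussion, assuming an allocator that rounds each request up to an 8-byte boundary in 32-bit arithmetic. The names round_up_unchecked, round_up_checked and checked_alloc are hypothetical; the point is that the wrap only happens for requests within 7 bytes of 2^32, and that a single bound check in the wrapper removes it for every caller.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ALIGN 8u /* assumed allocator alignment, not taken from PHP */

/* Round up to ALIGN in 32-bit arithmetic, as on a 32-bit machine.
 * For size >= 2^32-7 the addition wraps and the result collapses to 0. */
uint32_t round_up_unchecked(uint32_t size)
{
    return (uint32_t)(size + (ALIGN - 1u)) & ~(ALIGN - 1u);
}

/* Same rounding, but refuse any size for which the addition would wrap. */
bool round_up_checked(uint32_t size, uint32_t *out)
{
    if (size > UINT32_MAX - (ALIGN - 1u))
        return false;
    *out = (size + (ALIGN - 1u)) & ~(ALIGN - 1u);
    return true;
}

/* Hypothetical allocator wrapper: fails closed instead of handing back
 * a block that is smaller than what the caller asked for. */
void *checked_alloc(uint32_t size)
{
    uint32_t real;
    if (!round_up_checked(size, &real))
        return NULL;
    return malloc(real);
}

int main(void)
{
    /* Constructed sample sizes around the wrap boundary. */
    uint32_t samples[] = { 13u, UINT32_MAX - 7u, UINT32_MAX - 6u, UINT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t real = 0;
        bool ok = round_up_checked(samples[i], &real);
        printf("request %10lu  unchecked -> %10lu  checked -> %s\n",
               (unsigned long)samples[i],
               (unsigned long)round_up_unchecked(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Whether the unchecked form matters in practice depends on whether any call site lets outside input drive the size that close to 2^32, which is the question the message raises.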


