Message-ID: <20030327100314.GA18262@php.net>
Date: Thu, 27 Mar 2003 11:03:14 +0100
From: Stefan Esser <s.esser@...atters.de>
To: bugtraq@...urityfocus.com
Subject: RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
Hello Mr. Mordred (and the rest of the Bugtraq readers),
I happily repeat everything I wrote to you before. Your advisories are
FUD. You release an advisory called: Integer overflow in PHP memory
allocator, rate it as High Risk, but you present the reader with some stupid
crash bug in the socket extension that is marked as experimental and
is not enabled by default. I told you before that the integer overflow
cannot be used to exploit PHP. If you find a single emalloc call
where some user supplied value is able to allocate a block in the size
of 4 Gigabyte (on 32-bit machines), then you have found a vulnerability.
Just stating that there is a possible integer overflow if someone
allocates more than 2^32-7 bytes (2^64-7 bytes) is a joke. A vulnerability
that cannot be exploited may not be rated as: high risk. This can be
compared to calling strcpy a security vulnerability because it can be
used by a stupid PHP core/extension programmer to produce a buffer overflow.
Stefan Esser
--
--------------------------------------------------------------------------
Stefan Esser s.esser@...atters.de
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
Did I help you? Consider a gift: http://wishlist.suspekt.org/
--------------------------------------------------------------------------
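
The size wrap-around discussed in the message above, as an added example that is not part of the original post and is not PHP's code. It assumes an allocator that rounds each request up to a multiple of 8 by adding 7 (the rounding rule and all function names are assumptions) and shows the unchecked 32-bit arithmetic beside a checked form that rejects requests close to the limit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed model, not taken from the PHP source: every request is rounded
 * up to the next multiple of 8 by adding 7 and masking the low bits. */
#define ALIGN_PAD 7u

/* Unchecked rounding in 32-bit arithmetic. For requests within 7 bytes of
 * 2^32 the addition wraps and the result is a tiny size. */
static uint32_t round_up_unchecked32(uint32_t request)
{
    return (uint32_t)(request + ALIGN_PAD) & ~(uint32_t)ALIGN_PAD;
}

/* Checked rounding: reports failure instead of wrapping. */
static bool round_up_checked32(uint32_t request, uint32_t *rounded)
{
    if (request > UINT32_MAX - ALIGN_PAD)
        return false;               /* request + 7 would not fit in 32 bits */
    *rounded = (request + ALIGN_PAD) & ~(uint32_t)ALIGN_PAD;
    return true;
}

/* Hypothetical allocator wrapper using the same check at native width. */
static void *guarded_alloc(size_t request)
{
    if (request > SIZE_MAX - ALIGN_PAD)
        return NULL;                /* refuse rather than under-allocate */
    return malloc((request + ALIGN_PAD) & ~(size_t)ALIGN_PAD);
}

int main(void)
{
    /* Constructed sample requests around the 32-bit boundary. */
    const uint32_t samples[] = { 13u, 0xFFFFFFF8u, 0xFFFFFFF9u, UINT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t r = 0;
        bool ok = round_up_checked32(samples[i], &r);
        printf("request=0x%08lx unchecked=0x%08lx checked=%s\n",
               (unsigned long)samples[i],
               (unsigned long)round_up_unchecked32(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Whether the wrapping branch is reachable depends on whether a caller can pass a request that large, which is the point the message argues.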