[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030218185123.GB18101@php.net>
From: s.esser at e-matters.de (Stefan Esser)
Subject: SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009)
On Tue, Feb 18, 2003 at 06:36:26PM +0100, Thomas Biege wrote:
> SuSE Security Announcement
>
> Package: mod_php4
> ...
> Vulnerability Type: remote system compromise
Hi Thomas,
I am a little bit confused about the classification of the wordwrap bug.
Since when is a bufferoverflow in a function argument a remote compromise.
Especially when it is in a parameter that is feeded with user input only
in very very very esoteric scripts. It is a local overflow yes, but it will
only overflow if you feed wordwrap with an esoteric line termination
string. And to exploit this bug remotely you do not only need a script
that feeds your userinput to all of wordwraps parameters but you also
need some special formed script so that the heap is perfectly formed
for your exploit to work.
Just my two cents...
Stefan Esser
--
--------------------------------------------------------------------------
Stefan Esser s.esser@...atters.de
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
Did I help you? Consider a gift: http://wishlist.suspekt.org/
--------------------------------------------------------------------------
Powered by blists - more mailing lists