lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030218185123.GB18101@php.net>
From: s.esser at e-matters.de (Stefan Esser)
Subject: SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009)

On Tue, Feb 18, 2003 at 06:36:26PM +0100, Thomas Biege wrote:
>                         SuSE Security Announcement
> 
>         Package:                mod_php4
> ...
>         Vulnerability Type:     remote system compromise

Hi Thomas,

I am a little bit confused about the classification of the wordwrap bug.
Since when is a bufferoverflow in a function argument a remote compromise.
Especially when it is in a parameter that is feeded with user input only
in very very very esoteric scripts. It is a local overflow yes, but it will
only overflow if you feed wordwrap with an esoteric line termination
string. And to exploit this bug remotely you do not only need a script
that feeds your userinput to all of wordwraps parameters but you also
need some special formed script so that the heap is perfectly formed
for your exploit to work.

Just my two cents...

Stefan Esser

-- 

--------------------------------------------------------------------------
 Stefan Esser                                        s.esser@...atters.de
 e-matters Security                         http://security.e-matters.de/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
 Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
 Did I help you? Consider a gift:            http://wishlist.suspekt.org/
--------------------------------------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ