| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060108185632.1466733C23@mailserver5.hushmail.com> Date: Sun Jan 8 18:56:41 2006 From: mercenary at hushmail.com (mercenary@...hmail.com) Subject: RE: Windows PHP 4.x "0-day" buffer overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This has nothing to do with the named pipe itself. This is a flaw in the way PHP parses a server name containing a named pipe declaration. If you read it again, you will find this is a classical stack based buffer overflow before the named pipe is even created. It's a parsing error. On Fri, 06 Jan 2006 16:01:59 -0800 LE Backup <lucretias@...w.ca> wrote: >I believe using named pipes on windows has ALWAYS been known for >MANY YEARS >that it was exploitable. > >Products we were working on in 2003 were quite aware of this >potential, and >simply don't use named pipes. > >What this has to do with PHP I'm not certain either as this seems >to >highlight MySQL. > >Cheers, > >James Friesen, CIO > >Lucretia Enterprises >"Our World Is Here..." >Info at lucretia dot ca >http://lucretia.ca > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkPBXxAACgkQLpU3lrW2nNMuXQCghzGCcZzuOpZL5xSOaQW+ef/RHisA njIicbv6w9ZgWDOiLn4l2WGwl5NI =mgxU -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485
Powered by blists - more mailing lists