Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
From: <sir.mordred () hushmail com>
Date: Thu, 27 Mar 2003 17:25:27 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

Stefan nicely asked me to provide real examples in the PHP source code
in which was used something like - emalloc(userinput).
In the advisory has been 2 examples, first used emalloc(userinput +1),

second - emalloc(userinput + 2). Guess that was enough for understanding
and fixing the issue. Really sorry if someone did not get the point,
we don't provide tech support on the subject of our advisories...someday
maybe...As for the note that this is a experimental extension and not
enabled by default - looks like there are some problems with installing
sockets extension, just add --with-sockets option to configure script.

Another example of insecure emalloc() call - mhash_keygen_s2k() function
in the mhash extension which uses emalloc(userinput + 1).

Best regards.
// Sir Mordred


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmAEARECACAFAj6Do8gZHHNpci5tb3JkcmVkQGh1c2htYWlsLmNvbQAKCRAOkXvN4BZr
fDiiAKC2Dcu2cnqYrHD76wT8Qw9trtlBXwCgpuij68JVA18Lcv3g5vXpPDVDmQM=
=qSXr
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427


  By Date           By Thread  

Current thread:
  • RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator sir.mordred (Mar 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]