mailing list archives
RE: Windows PHP 4.x "0-day" buffer overflow
From: <mercenary () hushmail com>
Date: Sun, 8 Jan 2006 10:56:21 -0800
-----BEGIN PGP SIGNED MESSAGE-----
This has nothing to do with the named pipe itself. This is a flaw
in the way PHP parses a server name containing a named pipe
If you read it again, you will find this is a classical stack based
buffer overflow before the named pipe is even created. It's a
On Fri, 06 Jan 2006 16:01:59 -0800 LE Backup <lucretias () shaw ca>
I believe using named pipes on windows has ALWAYS been known for
that it was exploitable.
Products we were working on in 2003 were quite aware of this
simply don't use named pipes.
What this has to do with PHP I'm not certain either as this seems
James Friesen, CIO
"Our World Is Here..."
Info at lucretia dot ca
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
-----END PGP SIGNATURE-----
Concerned about your privacy? Instantly send FREE secure email, no account required
Get the best prices on SSL certificates from Hushmail
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/