|
Full Disclosure
mailing list archives
[Fwd: Re: {Java,PHP} Server Exploits]
From: Leon Kaiser <literalka () gmail com>
Date: Thu, 10 Feb 2011 11:40:28 -0500
From: Leon Kaiser <literalka () gmail com>
Reply-to: literalka () gnaa eu
To: Cal Leeming [Simplicity Media Ltd]
<cal.leeming () simplicitymedialtd co uk>
Subject: Re: [Full-disclosure] {Java,PHP} Server Exploits
Date: Wed, 09 Feb 2011 19:15:36 -0500
Years, if I'm not mistaken.
========================================================
Leon Kaiser - Head of GNAA Public Relations -
literalka () gnaa eu || literalka () goatse fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================
On Wed, 2011-02-09 at 20:00 +0000, Cal Leeming [Simplicity Media Ltd]
wrote:
Christian, this issue has been 'floating' around for several months
now.
On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras
<uuf6429 () gmail com> wrote:
Ah, been reading more about it, seems it was fixed.
Still, there should have been safeguards around this - I'm
thinking they should check existing conversion routines to
ensure they're safe...
On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras
<uuf6429 () gmail com> wrote:
Was it fixed? What's the current status?
The sounds like a major issue, and the lack of info
about it is darn impressive.
I tried it on my test Windows WAMP server:
<?php
ob_implicit_flush(true);
echo 'Start test...<br/>';
$f=(float)"2.2250738585072011e-308";
echo 'Try 1 => '.$f.'</br>';
$f=floatval("2.2250738585072011e-308");
echo 'Try 2 => '.$f.'</br>';
$f="2.2250738585072011e-308";
echo 'Try 3 => '.(float)$f.'</br>';
echo 'Test failed, server not vulnerable!</br>';
?>
All three tests succeeded in crashing the server.
With all due respect, this should NOT have been
disclosed without being FIXED (as it seems to me).
Plus, I'm a bit amazed such a bug exists in PHP -
since converting to floating point is a trivial
operation, it should have been limited and
safe-guarded from the start.
There are a lot of servers out there happily
accepting input as floating point values, this bug
should be top priority...
Chris.
On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser
<literalka () gmail com> wrote:
http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
