Full Disclosure mailing list archives

RE: Windows PHP 4.x "0-day" buffer overflow


From: <mercenary () hushmail com>
Date: Sun, 8 Jan 2006 10:56:21 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This has nothing to do with the named pipe itself. This is a flaw
in the way PHP parses a server name containing a named pipe
declaration.

If you read it again, you will find this is a classical stack-based
buffer overflow before the named pipe is even created. It's a
parsing error.

On Fri, 06 Jan 2006 16:01:59 -0800 LE Backup <lucretias () shaw ca> wrote:
> I believe using named pipes on Windows has ALWAYS been known for MANY YEARS
> that it was exploitable.
>
> Products we were working on in 2003 were quite aware of this potential, and
> simply don't use named pipes.
>
> What this has to do with PHP I'm not certain either as this seems to
> highlight MySQL.
>
> Cheers,
>
> James Friesen, CIO
>
> Lucretia Enterprises
> "Our World Is Here..."
> Info at lucretia dot ca
> http://lucretia.ca


-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkPBXxAACgkQLpU3lrW2nNMuXQCghzGCcZzuOpZL5xSOaQW+ef/RHisA
njIicbv6w9ZgWDOiLn4l2WGwl5NI
=mgxU
-----END PGP SIGNATURE-----





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

