Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009)

From: Stefan Esser <s.esser () e-matters de>
Date: Tue, 18 Feb 2003 19:51:23 +0100
On Tue, Feb 18, 2003 at 06:36:26PM +0100, Thomas Biege wrote:

                        SuSE Security Announcement

        Package:                mod_php4
...
        Vulnerability Type:     remote system compromise


Hi Thomas,

I am a little bit confused about the classification of the wordwrap bug.
Since when is a bufferoverflow in a function argument a remote compromise.
Especially when it is in a parameter that is feeded with user input only
in very very very esoteric scripts. It is a local overflow yes, but it will
only overflow if you feed wordwrap with an esoteric line termination
string. And to exploit this bug remotely you do not only need a script
that feeds your userinput to all of wordwraps parameters but you also
need some special formed script so that the heap is perfectly formed
for your exploit to work.

Just my two cents...

Stefan Esser

-- 

--------------------------------------------------------------------------
 Stefan Esser                                        s.esser () e-matters de
 e-matters Security                         http://security.e-matters.de/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
 Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
 Did I help you? Consider a gift:            http://wishlist.suspekt.org/
--------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: