Full Disclosure mailing list archives
[Fwd: Re: {Java,PHP} Server Exploits]
From: Leon Kaiser <literalka () gmail com>
Date: Thu, 10 Feb 2011 11:40:28 -0500
From: Leon Kaiser <literalka () gmail com> Reply-to: literalka () gnaa eu To: Cal Leeming [Simplicity Media Ltd] <cal.leeming () simplicitymedialtd co uk> Subject: Re: [Full-disclosure] {Java,PHP} Server Exploits Date: Wed, 09 Feb 2011 19:15:36 -0500 Years, if I'm not mistaken. ======================================================== Leon Kaiser - Head of GNAA Public Relations - literalka () gnaa eu || literalka () goatse fr http://gnaa.eu || http://security.goatse.fr 7BEECD8D FCBED526 F7960173 459111CE F01F9923 "The mask of anonymity is not intensely constructive." -- Andrew "weev" Auernheimer ========================================================
On Wed, 2011-02-09 at 20:00 +0000, Cal Leeming [Simplicity Media Ltd] wrote:Christian, this issue has been 'floating' around for several months now. On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras <uuf6429 () gmail com> wrote: Ah, been reading more about it, seems it was fixed. Still, there should have been safeguards around this - I'm thinking they should check existing conversion routines to ensure they're safe... On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras <uuf6429 () gmail com> wrote: Was it fixed? What's the current status? The sounds like a major issue, and the lack of info about it is darn impressive. I tried it on my test Windows WAMP server: <?php ob_implicit_flush(true); echo 'Start test...<br/>'; $f=(float)"2.2250738585072011e-308"; echo 'Try 1 => '.$f.'</br>'; $f=floatval("2.2250738585072011e-308"); echo 'Try 2 => '.$f.'</br>'; $f="2.2250738585072011e-308"; echo 'Try 3 => '.(float)$f.'</br>'; echo 'Test failed, server not vulnerable!</br>'; ?> All three tests succeeded in crashing the server. With all due respect, this should NOT have been disclosed without being FIXED (as it seems to me). Plus, I'm a bit amazed such a bug exists in PHP - since converting to floating point is a trivial operation, it should have been limited and safe-guarded from the start. There are a lot of servers out there happily accepting input as floating point values, this bug should be top priority... Chris. On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser <literalka () gmail com> wrote: http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Fwd: Re: {Java,PHP} Server Exploits] Leon Kaiser (Feb 10)
- Re: [Fwd: Re: {Java,PHP} Server Exploits] Valdis . Kletnieks (Feb 10)
- <Possible follow-ups>
- [Fwd: Re: {Java,PHP} Server Exploits] Leon Kaiser (Feb 10)
- [Fwd: Re: {Java,PHP} Server Exploits] Leon Kaiser (Feb 10)