[LUAU] Eek, major PHP remote exploit bug

Julian Yap julian_yap at yahoo.com
Fri Jan 7 13:29:24 PST 2011


.. Yeah, I'm pretty sure.

E.g., say you're running a particular forum software...

A URL like this will easily bring you down:
http://site.com/forum/viewtopic.php?f=2.2250738585072011e-308

Here's the quick patch:
--- ./Zend/zend_strtod.c.orig	Thu Jan  6 14:09:49 2011
+++ ./Zend/zend_strtod.c	Thu Jan  6 14:10:17 2011
@@ -2035,7 +2035,7 @@
 	int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign,
 		e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign;
 	CONST char *s, *s0, *s1;
-	double aadj, aadj1, adj;
+	volatile double aadj, aadj1, adj;
 	volatile _double rv, rv0;
 	Long L;
 	ULong y, z;
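
Review bot: the new `volatile double aadj, aadj1, adj;` declaration carries no comment saying why the qualifier is required, and neither does the existing `volatile _double rv, rv0;` just below it, so a later cleanup could drop either one and reintroduce the hang. Add a short comment above these declarations that names the bug (53632, as linked in this thread) and states what the qualifier is protecting. A fix that rests on a storage qualifier should also be confirmed by re-running the reproduction from the thread on each compiler and optimization level the affected 32-bit builds use.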


--- On Fri, 1/7/11, Ben Kinsey <bkinsey at gmail.com> wrote:

> From: Ben Kinsey <bkinsey at gmail.com>
> Subject: Re: [LUAU] Eek, major PHP remote exploit bug
> To: "LUAU" <luau at lists.freesoftwarehawaii.org>
> Date: Friday, January 7, 2011, 10:54 AM
> The question for me is: can this bug be exploited remotely on web
> applications?  I filter ids to only expect integers... is there an integer
> equivalent that will trigger this bug?
> 
> 
> On Thu, Jan 6, 2011 at 9:57 AM, Julian Yap <julian_yap at yahoo.com>
> wrote:
> 
> > This bug leads to a PHP/server hang.
> >
> > Bug:
> > http://bugs.php.net/bug.php?id=53632
> >
> > More discussion:
> > http://news.ycombinator.com/item?id=2066084
> > http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
> >
> > Looks to affect 32-bit systems running various 5.x versions of PHP.
> >
> > I was able to reproduce it.
> >
> > $ php -v
> > PHP 5.3.3 (cli) (built: Dec 14 2010 13:31:51)
> > Copyright (c) 1997-2010 The PHP Group
> > Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
> > $ php -r "print 2.2250738585072011e-308;"
> >
> > ... hang!
> >
> > _______________________________________________
> > LUAU at lists.freesoftwarehawaii.org mailing list
> >
> > http://lists.freesoftwarehawaii.org/listinfo.cgi/luau-freesoftwarehawaii.org
> >
> 
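
Added example, not part of the original messages or of PHP: a log check for the request described above. It flags any query parameter whose value is a decimal spelling of 2.2250738585072011e-308, comparing exact decimals so the scanner itself never parses the value as a float; the log lines and the combined-log layout are constructed assumptions.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qsl

# Value quoted in the thread, held as an exact decimal (never as a float).
TRIGGER = Decimal("2.2250738585072011e-308")
NUMERIC = re.compile(r"[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jan/2011:10:00:01 -1000] "GET /forum/viewtopic.php?f=2&t=15 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Jan/2011:10:00:02 -1000] "GET /forum/viewtopic.php?f=2.2250738585072011e-308 HTTP/1.1" 200 0',
    '203.0.113.7 - - [07/Jan/2011:10:00:03 -1000] "GET /forum/viewtopic.php?f=22.250738585072011e-309 HTTP/1.1" 200 0',
    '192.0.2.10 - - [07/Jan/2011:10:00:04 -1000] "GET /forum/viewtopic.php?f=2.5e-3 HTTP/1.1" 200 5120',
]


def is_trigger(value):
    """True if value is any decimal spelling of the trigger constant."""
    value = value.strip()
    # Length cap keeps hostile input from costing the scanner time.
    if len(value) > 64 or not NUMERIC.fullmatch(value):
        return False
    try:
        # copy_abs() is context-free, so no rounding happens before comparing.
        # The sign is ignored: over-matching is harmless for a detector.
        return Decimal(value).copy_abs() == TRIGGER
    except InvalidOperation:
        return False


def scan(lines):
    """Return (line_no, param, value) for every matching query parameter."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # parse_qsl percent-decodes, so encoded spellings are compared too.
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if is_trigger(value):
                hits.append((no, name, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A worker that hangs may never write its access-log line, so on an affected host the same `is_trigger` check is more useful in a request filter placed in front of PHP than in after-the-fact log review.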