-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've discovered a serious flaw and possibly a security issue in PHP. It is
possible, by making a simple request to a PHP page, to crash the PHP thread
with a Segmentation fault, no matter what the script does as it crashes
before execution.
I'm using PHP version 4.3.2 with Apache 2.0.46 on Linux, and have not found
anything about this issue in the bug system. I have not tested with any other
version, nor have I looked into a specific configuration to avoid this
problem.
I'm not sure where to report this issue, I don't want to explain how to do
this to everyone, so if I could contact a developer personally I could
explain the simple procedure.
Simon Ejsing, Systemudvikler
esoft ApS, http://www.esoft.dk
Kongensgade 66-68, DK-5000 Odense C.
Tlf: 70 222 466, Fax: 63 122 466
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE++sKv0ZtqfKNZvaARAvs1AJwJpkBTVJLkPB1bSgbXM+it0ophyACfcAgL
bp/REaKd9w792qGx6D7WYRE=
=yiK0
-----END PGP SIGNATURE
I've discovered a serious flaw and possibly a security issue in PHP. It is
possible, by making a simple request to a PHP page, to crash the PHP thread
with a Segmentation fault, no matter what the script does as it crashes
before execution.I'm using PHP version 4.3.2 with Apache 2.0.46 on Linux, and have not found
anything about this issue in the bug system. I have not tested with any other
version, nor have I looked into a specific configuration to avoid this
problem.I'm not sure where to report this issue, I don't want to explain how to do
this to everyone, so if I could contact a developer personally I could
explain the simple procedure.
Please contact security@php.net about this issue.
regards,
Derick
--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
Derick Rethans http://derickrethans.nl/
International PHP Magazine http://php-mag.net/
ummp, sorry for my ignorant, when segfualt consider as "potential security
report"?
i put similar (?) example in the past on the bugs.php.net that's live there
open about 2 month's till wez fix it, without considering the last sascha
integer overflow hunting project...
--
moshe
"Simon Ejsing" simon@esoft.dk wrote in message
news:200306261153.51981.simon@esoft.dk...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've discovered a serious flaw and possibly a security issue in PHP. It is
possible, by making a simple request to a PHP page, to crash the PHP thread
with a Segmentation fault, no matter what the script does as it crashes
before execution.
I'm using PHP version 4.3.2 with Apache 2.0.46 on Linux, and have not found
anything about this issue in the bug system. I have not tested with any
other
version, nor have I looked into a specific configuration to avoid this
problem.
I'm not sure where to report this issue, I don't want to explain how to do
this to everyone, so if I could contact a developer personally I could
explain the simple procedure.
Simon Ejsing, Systemudvikler
esoft ApS, http://www.esoft.dk
Kongensgade 66-68, DK-5000 Odense C.
Tlf: 70 222 466, Fax: 63 122 466
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE++sKv0ZtqfKNZvaARAvs1AJwJpkBTVJLkPB1bSgbXM+it0ophyACfcAgL
bp/REaKd9w792qGx6D7WYRE=
=yiK0
-----END PGP SIGNATURE