soulshepard
01-05-2011, 03:14 PM
Apparently 32-bit PHP 4.x and 5.x have a nice bug.
http://bugs.php.net/bug.php?id=53632
It is possible to take down vulnerable PHP apps by this as easily as finding a request variable that is actually accessed. Requesting viewtopic.php?f=2.2250738585072011e-308 for phpBB or index.php?q=2.2250738585072011e-308 for Drupal is enough to freeze the PHP installation if it is affected.
As I read, there is an SVN commit to fix it, but I guess we will have a fix soon?
Copied and pasted from the Zend Framework lists:
--
A critical vulnerability in the PHP engine has just been identified. This exploit is significant because most PHP applications on impacted systems are remotely exploitable to a very simple denial of service attack. Zend has released a security hotfix to address this vulnerability (see below).
Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser (click here for more information).
This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.
Platform | Vulnerability
Windows | YES
Linux (using 32-bit PHP build) | YES
Linux (using 64-bit PHP build) | NO
Mac OS | NO
IBM i | NO
Zend Server and Zend Server CE users should immediately apply the security hotfix.
Linux users: run your package manager's update command (see the Zend Server Installation Guide for more details).
Windows users: download the hotfix.
Hotfixes for Zend Core and Zend Server CE tarball installer are currently being finalized and will be made available soon.
---
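A log check for the request pattern described in the post, as an added example that is not part of the original post or the Zend advisory: it scans access-log lines for query parameters whose value equals 2.2250738585072011e-308, comparing as an exact decimal so the scanner never performs a binary float conversion itself. The log lines, addresses and function names are constructed for illustration, and treating percent-encoded or equivalent spellings of the same value as hits is an assumption.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qsl

# Value quoted in the post; held as an exact decimal, never as a binary float.
TRIGGER = Decimal("2.2250738585072011e-308")

# Decimal-float token: optional sign, digits with optional point, optional exponent.
NUM_RE = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")

# Request line inside a common/combined-format access log entry.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation address ranges, made-up sizes).
SAMPLE = [
    '192.0.2.10 - - [05/Jan/2011:15:20:01 +0000] '
    '"GET /viewtopic.php?f=2.2250738585072011e-308 HTTP/1.1" 200 512',
    '192.0.2.11 - - [05/Jan/2011:15:20:05 +0000] '
    '"GET /viewtopic.php?f=2&t=15 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [05/Jan/2011:15:21:10 +0000] '
    '"GET /index.php?q=2.2250738585072011e%2D308 HTTP/1.1" 200 0',
]

def is_trigger(token):
    """True if the numeric token equals the trigger value, however it is spelled."""
    try:
        # copy_abs() ignores the sign without rounding to context precision.
        return Decimal(token).copy_abs() == TRIGGER
    except InvalidOperation:
        return False

def suspicious_params(url):
    """Names of query parameters whose decoded value contains the trigger."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(is_trigger(tok) for tok in NUM_RE.findall(value)):
            hits.append(name)
    return hits

def scan(lines):
    """Return (client, [parameter names]) for each log line with a hit."""
    found = []
    for line in lines:
        match = REQ_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            found.append((line.split()[0], hits))
    return found

if __name__ == "__main__":
    for client, params in scan(SAMPLE):
        print(client, params)
```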