Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Buffer overflow in PHP+APC
Posted by: dannyp
Date: March 25, 2008 12:33PM

I recently disclosed a buffer overflow in PHP+APC, and provided a proof of concept local vulnerability. The same technique could be used against a superset of applications that are vulnerable to remote file includes -- allow_url_fopen is of no help to you now, nor is ensuring the string begins or ends with anything specific.

The bug has been fixed in APC CVS; there is apparently a new APC release forthcoming.

http://papasian.org/~dannyp/apcsmash.php.txt

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1488

Daniel P

Re: Buffer overflow in PHP+APC
Posted by: eXeCuTeR
Date: May 03, 2008 03:13PM

Why did you load the return address 500 times? You could just fill it with more junk, actually.
Good job.


Edit: Oh, sorry for bumping this thread!



Edited 1 time(s). Last edit at 05/03/2008 03:14PM by eXeCuTeR.
