Every program that crashes due to overwriting memory it should not overwrite is subject to overwriting the registers that control the flow of the program, and might, upon user input, execute arbitrary code. The real question is how much you can affect the flow of the program - that depends on where the bug is, and how much the user input to the code is being limited, so before a check, every segfault *might* have security issues behind...

On Thu, 26 Jun 2003, moshe doron wrote:

> ummp, sorry for my ignorance, when is a segfault considered a "potential security
> report"?
>
> I put a similar (?) example in the past on bugs.php.net that lived there
> open about 2 months till Wez fixed it, without considering the last Sascha
> integer overflow hunting project...
>
> --
> moshe
>
> "Simon Ejsing" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> I've discovered a serious flaw and possibly a security issue in PHP. It is
> possible, by making a simple request to a PHP page, to crash the PHP thread
> with a Segmentation fault, no matter what the script does as it crashes
> before execution.
>
> I'm using PHP version 4.3.2 with Apache 2.0.46 on Linux, and have not found
> anything about this issue in the bug system. I have not tested with any other
> version, nor have I looked into a specific configuration to avoid this
> problem.
>
> I'm not sure where to report this issue, I don't want to explain how to do
> this to everyone, so if I could contact a developer personally I could
> explain the simple procedure.
>
> --
> Simon Ejsing, Systemudvikler
> esoft ApS, http://www.esoft.dk
> Kongensgade 66-68, DK-5000 Odense C.
> Tlf: 70 222 466, Fax: 63 122 466

--
Best regards,
Shimi

----

"Outlook is a massive flaming horrid blatant security violation, which also happens to be a mail reader."

"Sure UNIX is user friendly; it's just picky about who its friends are."

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
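
An added illustration of the reply's point that impact depends on where the bug is and how far input is limited (not code from this thread or from PHP). The struct layout, the names and the 0x41 input are constructed, and the out-of-bounds write is modelled by copying into the struct's own bytes so the program stays well defined:

```c
#include <stddef.h>
#include <string.h>

typedef int (*handler_fn)(void);
static int default_handler(void) { return 0; }

/* Constructed layout: a buffer, then plain data, then control data. */
struct request {
    char name[16];
    unsigned flags;
    handler_fn handler;            /* decides where execution goes next */
};

enum impact { IMPACT_NONE, IMPACT_DATA, IMPACT_CONTROL_FLOW };

/* Model a copy into name[] that trusts len up to `limit` (the only input
 * check). The write is clamped to the struct so the model stays defined. */
enum impact overwrite_impact(size_t len, size_t limit)
{
    unsigned char input[sizeof(struct request)];
    struct request before = { {0}, 0, default_handler }, after;
    size_t n = len < limit ? len : limit;

    if (n > sizeof after)
        n = sizeof after;
    memset(input, 0x41, sizeof input);      /* constructed "user input" */
    after = before;
    memcpy((unsigned char *)&after, input, n);

    if (memcmp(&after.handler, &before.handler, sizeof before.handler) != 0)
        return IMPACT_CONTROL_FLOW;
    if (memcmp(&after.flags, &before.flags, sizeof before.flags) != 0)
        return IMPACT_DATA;
    return IMPACT_NONE;
}

/* Hardened form: reject anything that does not fit, keep a terminator. */
int checked_copy(struct request *r, const char *src, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}
```

The same missing bounds check yields no effect, data corruption, or a changed function pointer depending only on the length limit applied upstream, which is why a crash report needs triage before it can be ruled out as a security issue.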