SecurityFocus

@(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function Apr 01 2003 12:29PM
Sir Mordred (mordred s-mail com) (1 replies)

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function Apr 03 2003 06:39AM
Goran Krajnovic (goran krajnovic hinet hr) (2 replies)

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function Apr 04 2003 07:45PM
Javi Lavandeira (javi isr co jp) (1 replies)

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function Apr 04 2003 08:20PM
Jon Ribbens jon+bugtraq (at) unequivocal.co (dot) uk [email concealed] (jon+bugtraq unequivocal co uk)

Javi Lavandeira <javi (at) isr.co (dot) jp [email concealed]> wrote:
> You seem to be forgetting about PHP's safe_mode, disable_functions
> and open_basedir directives. If configured properly, a user in a
> server with PHP support should not be able to execute commands, read
> other users' files or do anything outside his directory. Even though
> PHP is running with the privileges of the web server, the user
> doesn't have these privileges (again, if properly configured). Many
> ISPs configure PHP in this way.
>
> *IF* the overflow really exists *AND* is exploitable, I would be
> very worried, because *THEN* users could gain the privileges of the
> web server and do things they shouldn't be doing.

Then you should be very worried. Back in September 2000, Zeev Suraski
(PHP developer and co-author of Zend, the PHP4 scripting engine) said:
(http://marc.theaimsgroup.com/?l=php-dev&m=96815200329214)

> safe mode is indeed falsely advertised as being safe. It's very
> likely to contain bugs. As far as I'm concerned, it should be
> clearly advertised as something that would prevent the casual user
> from doing stuff he's not supposed to do, but isn't suitable for
> protecting against hackers.

[ reply ]

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function Apr 03 2003 10:10PM
Jedi/Sector One (j pureftpd org)