is gentoo affected? i think yes, since i do not see any extra patches in ebuild. Reproducible: Didn't try Steps to Reproduce: get mod_php/4.3.9 request http://yoursite/index.php?xx[][ Actual Results: apache child crashed with segmentation fault.
the fix has been commited in cvs: http://cvs.php.net/php-src/main/php_variables.c 4.3 branch: http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.7&r2=1.45.2.8&ty=u 5.0 branch: http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.81.2.1&r2=1.81.2.2&ty=u
So basically this crashes the Apache child process that is serving your own request... Could this be exploited to starve ressources somehow and perform a denial of service attack on a web server ? In all cases this must be fixed, but I want to be sure it can be exploited before reassigning it to security...
IMHO it's not exploitable, but should be fixed as it fills your error.log [Wed Oct 20 11:24:12 2004] [notice] child pid 8444 exit signal Segmentation fault (11) [Wed Oct 20 11:24:12 2004] [notice] child pid 8445 exit signal Segmentation fault (11) [Wed Oct 20 11:24:12 2004] [notice] child pid 8446 exit signal Segmentation fault (11) Respawning of apache childs works well, and resources/system-performance starving is minimal on this issue, as far as I could see. I could not produce a denial of service, as other content is delivered, without any slowdown. (Test made with 2000 requests on a P4/2GHz) Regards, Andy.
This does not seem to be a security issue. UnCC'ing security.
Fixed in PHP 4.3.10 and PHP 5.0.3.
