| Summary: | php-4.3.9/php-5.0.2: segmentation fault when parsing request parameters | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Elan Ruusamäe <glen> |
| Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.php.net/bug.php?id=30442 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Elan Ruusamäe
2004-10-15 03:42:26 UTC
The fix has been committed in CVS: http://cvs.php.net/php-src/main/php_variables.c

4.3 branch: http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.7&r2=1.45.2.8&ty=u

5.0 branch: http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.81.2.1&r2=1.81.2.2&ty=u

So basically this crashes the Apache child process that is serving your own request... Could this be exploited to starve resources somehow and perform a denial of service attack on a web server? In all cases this must be fixed, but I want to be sure it can be exploited before reassigning it to security...

IMHO it's not exploitable, but should be fixed as it fills your error.log

```
[Wed Oct 20 11:24:12 2004] [notice] child pid 8444 exit signal Segmentation fault (11)
[Wed Oct 20 11:24:12 2004] [notice] child pid 8445 exit signal Segmentation fault (11)
[Wed Oct 20 11:24:12 2004] [notice] child pid 8446 exit signal Segmentation fault (11)
```

Respawning of Apache children works well, and resources/system-performance starving is minimal on this issue, as far as I could see. I could not produce a denial of service, as other content is delivered without any slowdown. (Test made with 2000 requests on a P4/2GHz)

Regards, Andy.

This does not seem to be a security issue. UnCC'ing security.

Fixed in PHP 4.3.10 and PHP 5.0.3.
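An added example, not part of the original bug report: a small Python check that scans an Apache error log for the `child pid ... exit signal Segmentation fault (11)` entries quoted above and reports clusters of crashing children, which is how an operator would spot this bug being hit repeatedly. The function names, the 5-second gap and the threshold of 3 are assumptions, the log is assumed to be in chronological order, and only the three 11:24:12 lines come from the report; the other sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache error_log entry written when a child process is killed by a signal.
CHILD_EXIT = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[notice\] child pid (?P<pid>\d+) exit signal (?P<name>.+?) \((?P<signo>\d+)\)"
)

def parse_child_exits(lines):
    """Yield (timestamp, pid, signal number) for every child-exit entry."""
    for line in lines:
        m = CHILD_EXIT.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, int(m["pid"]), int(m["signo"])

def crash_clusters(lines, signo=11, gap=timedelta(seconds=5), threshold=3):
    """Group exits caused by `signo` that are at most `gap` apart and
    return the groups containing at least `threshold` crashed children."""
    clusters = []
    for ts, pid, sig in parse_child_exits(lines):
        if sig != signo:
            continue  # a different signal, not the crash being tracked
        if clusters and ts - clusters[-1]["end"] <= gap:
            clusters[-1]["end"] = ts
            clusters[-1]["pids"].append(pid)
        else:
            clusters.append({"start": ts, "end": ts, "pids": [pid]})
    return [c for c in clusters if len(c["pids"]) >= threshold]

# The three 11:24:12 lines are from the bug report; the rest are constructed.
SAMPLE_LOG = """\
[Wed Oct 20 11:20:01 2004] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Wed Oct 20 11:24:12 2004] [notice] child pid 8444 exit signal Segmentation fault (11)
[Wed Oct 20 11:24:12 2004] [notice] child pid 8445 exit signal Segmentation fault (11)
[Wed Oct 20 11:24:12 2004] [notice] child pid 8446 exit signal Segmentation fault (11)
[Wed Oct 20 11:24:13 2004] [notice] child pid 8447 exit signal Bus error (7)
[Wed Oct 20 12:30:00 2004] [notice] child pid 8501 exit signal Segmentation fault (11)
"""

if __name__ == "__main__":
    for c in crash_clusters(SAMPLE_LOG.splitlines()):
        print(f"{c['start']} .. {c['end']}: {len(c['pids'])} children segfaulted, pids {c['pids']}")
```
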