Hello Mr. Mordred (and the rest of the Bugtraq readers), I happily repeat everything I wrote to you before. Your advisories are FUD. You release an advisory called: Integer overflow in PHP memory allocator, rate it as High Risk, but you present the reader some stupid crash bug in the socket extension that is marked as experimental and is not enabled by default. I told you before, that the integer over- flow cannot be used to exploit PHP. If you find a single emalloc call where some user supplied value is able to allocate a block in the size of 4 Gigabyte (on 32bit maschines), then you have found a vulnerability. Just stating that there is a possible integer overflow if someone allocates more than 2^32-7 bytes (2^64-7 bytes) is a joke. A vulnerability that cannot be exploited may not be rated as: high risk. This can be compared to calling strcpy a security vulnerability because it can be used by a stupid PHP core/extension programmer to produce a bufferoverflow. Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser s.esser@e-matters.de e-matters Security http://security.e-matters.de/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69 -------------------------------------------------------------------------- Did I help you? Consider a gift: http://wishlist.suspekt.org/ --------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 09:31:36 PST