List:       kolab-devel
Subject:    Re: [Kolab-devel] Supercolliding a PHP array - DoS Attacks
From:       Gunnar Wrobel <wrobel () pardus ! de>
Date:       2012-01-10 9:14:47
Message-ID: 20120110101447.Horde.apLzHLvgjhlPDAGHxlux70A () temple ! gunnarwrobel ! de

Quoting Martin Konold <martin.konold@erfrakon.de>:

> On Monday, 9 January 2012, 22:49:52, ABBAS Alain wrote:
>
> Hi,
>
>> -----Original message-----
>
>> There is a serious DoS attack issue in PHP prior to 5.3.9
>
> Are you aware of any exploit vector against Kolab which can be abused by a
> non-authenticated attacker?

I can send you a one-liner by private mail to take out a test system
if required.

The Kolab server is vulnerable to this and as described in the
articles linked by Alain this is not related to authentication. Being
able to POST to the server is sufficient.

Cheers,

Gunnar

>
> Yours,
> -- martin
> --
> --
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister
> Stuttgart PR 126
> http://www.erfrakon.com/
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel@kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel

--
Core Developer
The Horde Project

e: wrobel@horde.org
t: +49 700 6245 0000
w: http://www.horde.org

pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de

