List: kolab-devel
Subject: Re: [Kolab-devel] Supercolliding a PHP array - DoS Attacks
From: "ABBAS Alain" <alain.abbas () libertech ! fr>
Date: 2012-01-10 9:20:05
Message-ID: 20120110092005.407675u7ywsh834s () kolab ! libertech ! fr
Hello

It is possible with all requests that work with $_POST or $_GET, that means even the login page... Now the risk, I think, depends on how well the site or company is known; it could be annoying for example for a mail provider or a big company, but the risk for a small company is low.
from:
http://nikic.github.com/2011/12/28/Supercolliding-a-PHP-array.html

Hashtable collisions as DOS attack

At this point you may wonder what the above is actually useful for. For the casual user: Not useful at all. But the "bad guys" can easily exploit behavior like the above to perform a DOS (Denial of Service) attack on a server. Remember that $_GET and $_POST and $_REQUEST are just normal arrays and suffer from the same problems. So by sending a specially crafted POST request you can easily take a server down.

PHP is not the only language vulnerable to this. Actually pretty much all other languages used for creating websites have similar problems, as was presented at the 28C3 conference.

But there is hope! PHP already landed a change (which will ship with PHP 5.3.9) which will add a max_input_vars ini setting which defaults to 1000. This setting determines the maximum number of POST/GET variables that are accepted, so now only a maximum of 1000 collisions can be created. If you run the above script with 2^10 = 1024 elements you will get runtimes in the order of 0.003 seconds, which obviously is far less critical than 30 seconds. (Note though that above I am demonstrating an integer key collision. You can also collide string keys, in which case the traversal will be a good bit slower.)
-----Original Message-----
From: "Martin Konold" <martin.konold@erfrakon.de>
Sent: 10 January 2012 07:21:10 UTC
To: "ABBAS Alain" <alain.abbas@libertech.fr>, "Kolab development coordination" <kolab-devel@kolab.org>
Cc:
Subject: Re: [Kolab-devel] Supercolliding a PHP array - DoS Attacks

On Monday, 9 January 2012, 22:49:52, ABBAS Alain wrote:
Hi,
> -----Original Message-----
> There is a serious DoS attack issue in PHP prior to 5.3.9
Are you aware of any exploit vector against Kolab which can be abused by an
unauthenticated attacker?
Yours,
-- martin
--
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126
http://www.erfrakon.com/
_______________________________________________
Kolab-devel mailing list
Kolab-devel@kolab.org
https://kolab.org/mailman/listinfo/kolab-devel
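A defender-side counterpart to the mitigation in the quoted excerpt, added here as an example (not code from this thread or from Kolab): a deployment check that confirms the runtime has the max_input_vars cap, and a request-time hook that logs requests that hit it. The function names and the log format are assumptions.

```php
<?php
// Added example, not code from the thread or from Kolab: a defender-side
// check for the input-variable flood described in the quoted excerpt.
// Assumes PHP 5.3.9+ semantics for max_input_vars and that error_log()
// goes to the web server's error log.

// Deployment check: returns a list of findings (empty means hardened).
function php_input_hardening_findings()
{
    $findings = array();
    // Before 5.3.9 there is no cap on POST/GET variables, so the number
    // of colliding keys an attacker can submit is unbounded.
    if (version_compare(PHP_VERSION, '5.3.9', '<')) {
        $findings[] = 'PHP ' . PHP_VERSION . ' predates max_input_vars (5.3.9)';
    }
    $limit = ini_get('max_input_vars');
    if ($limit === false || $limit === '') {
        $findings[] = 'max_input_vars is not available in this runtime';
    } elseif ((int) $limit > 1000) {
        // 1000 is the upstream default; raising it widens the DoS window.
        $findings[] = 'max_input_vars=' . $limit . ' exceeds the 1000 default';
    }
    return $findings;
}

// Detection hook to call early in a request handler. PHP has already
// parsed the input, so this cannot avoid that cost; it flags requests
// that hit the cap (PHP drops the excess and warns), which ordinary
// form submissions never do. The count is a heuristic: COUNT_RECURSIVE
// also counts array containers, so it slightly overestimates.
function flag_oversized_input($max_vars = null)
{
    if ($max_vars === null) {
        $max_vars = (int) ini_get('max_input_vars');
    }
    if ($max_vars <= 0) {
        return false; // no cap configured, nothing to compare against
    }
    // The limit applies to $_GET and $_POST separately, so check each.
    $seen = max(count($_GET, COUNT_RECURSIVE), count($_POST, COUNT_RECURSIVE));
    if ($seen < $max_vars) {
        return false;
    }
    $client = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log(sprintf('possible input-vars flood from %s: %d variables (cap %d)',
                      $client, $seen, $max_vars));
    return true;
}
```

Pair the hook with an alert on PHP's own "Input variables exceeded" warning in the error log, which the runtime emits whenever the cap truncates a request.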