[Kolab-devel] Supercolliding a PHP array - DoS Attacks

Gunnar Wrobel wrobel at pardus.de
Tue Jan 10 10:14:47 CET 2012


Quoting Martin Konold <martin.konold at erfrakon.de>:

> On Monday, 9 January 2012, 22:49:52, ABBAS Alain wrote:
>
> Hi,
>
>> -----Original Message-----
>
>> There is a serious DoS attack issue in PHP prior to 5.3.9
>
> Are you aware of any exploit vector against Kolab which can be abused by a
> non-authenticated attacker?

I can send you a one-liner by private mail to take out a test system  
if required.

The Kolab server is vulnerable to this and, as described in the
articles linked by Alain, this is not related to authentication. Being
able to POST to the server is sufficient.

Cheers,

Gunnar

>
> Yours,
> -- martin
> --
> --
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister  
> Stuttgart PR 126
> http://www.erfrakon.com/
>

-- 
Core Developer
The Horde Project

e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org

pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de




