[Kolab-devel] Supercolliding a PHP array - DoS Attacks
Gunnar Wrobel
wrobel at pardus.de
Tue Jan 10 10:14:47 CET 2012
Quoting Martin Konold <martin.konold at erfrakon.de>:
> Am Montag, 9. Januar 2012, 22:49:52 schrieb ABBAS Alain:
>
> Hi,
>
>> -----Message original-----
>
>> There are a serious Dos Attack issue in PHP prior to 5.3.9
>
> Are you aware of any exploit vector against Kolab which can be abused by an
> non authenticated attacker?
I can send you a one-liner by private mail to take out a test system
if required.
The Kolab server is vulnerable to this and as described in the
articles linked by Alain this is not related to authentication. Being
able to POST to the server is sufficient.
Cheers,
Gunnar
>
> Yours,
> -- martin
> --
> --
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister
> Stuttgart PR 126
> http://www.erfrakon.com/
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel
--
Core Developer
The Horde Project
e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org
pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de
More information about the devel
mailing list