hacking memcached, suhosin saves

Russell Smith russell.smith at ukd1.co.uk
Mon Dec 10 17:10:45 UTC 2007


Ing. Branislav Gerzo wrote:
> Hello all,
>
> I saw in log files something strange:
> Nov 19 11:24:20 web1 suhosin[87751]: ALERT - canary mismatch on efree() -
> heap overflow or double efree detected (attacker '85.80.162.161',
> file '/data/www/public_html/index.php', line 67)
>
> line 67: $memcache->pconnect($CONF['memcache_host'], $CONF['memcache_port']) or die("Memcache: Could not connect");
>
> Server config:
> PHP Version 4.4.7
> This server is protected with the Suhosin Patch 0.9.6
> memcache: Revision      $Revision: 1.92 $
> FreeBSD
>
> I tried searching for "memcache suhosin", nothing found, so maybe you
> should be aware of this and make a correction, if necessary.
>
> Thank you

A quick Google brings up the PHP4 problem + suhosin...

http://forum.hardened-php.net/viewtopic.php?pid=520

