hacking memacached, suhosin saves
Ing. Branislav Gerzo
2ge at 2ge.us
Mon Nov 19 13:32:35 UTC 2007
Hello all,
I saw in log files something strange:
Nov 19 11:24:20 web1 suhosin[87751]: ALERT - canary mismatch on efree() -
heap overflow or double efree detected (attacker '85.80.162.161',
file '/data/www/public_html/index.php', line 67)
line 67: $memcache->pconnect($CONF['memcache_host'], $CONF['memcache_port']) or die("Memcache: Could not connect");
Server config:
PHP Version 4.4.7
This server is protected with the Suhosin Patch 0.9.6
memcache: Revision $Revision: 1.92 $
FreeBSD
I tried search for "memcache suhosin", nothing found, so maybe you
should be aware of this and make a correction, if necesary.
Thank you
More information about the memcached
mailing list