[RCU] canary mismatch on erealloc() - heap overflow detected

Helmut Schneider jumper99 at gmx.de
Wed Aug 8 11:12:48 CEST 2007


Hi,

Just for fun I tried to log on as root (which should IMHO of course not be 
possible). The webserver (FreeBSD, apache2.0.59, PHP5.2.3, 
roundcube0.1.20070608) goes up to 100% for 2 minutes like a DoS.

[Wed Aug 08 10:50:07 2007] [error] [client 192.168.0.1] PHP Fatal error: 
Maximum execution time of 120 seconds exceeded in 
/var/www/roundcube/program/lib/imap.inc on line 134, referer: 
https://webmail/
[Wed Aug 08 10:50:07 2007] [error] [client 192.168.0.1] ALERT - canary 
mismatch on erealloc() - heap overflow detected (attacker '192.168.0.2', 
file '/var/www/roundcube/program/lib/DB/common.php', line 427), referer: 
https://webmail/

What's wrong here?

Thanks, Helmut 

_______________________________________________
List info: http://lists.roundcube.net/users/


