[RCU] canary mismatch on erealloc() - heap overflow detected

8 Aug 2007


      Hi,
just for fun I tried to logon as root (which should IMHO of course not be 
possible). The webserver (FreeBSD, apache2.0.59, PHP5.2.3, 
roundcube0.1.20070608) goes up to 100% for 2 minutes like a DoS.
[Wed Aug 08 10:50:07 2007] [error] [client 192.168.0.1] PHP Fatal error: 
Maximum execution time of 120 seconds exceeded in 
/var/www/roundcube/program/lib/imap.inc on line 134, referer: 
https://webmail/
[Wed Aug 08 10:50:07 2007] [error] [client 192.168.0.1] ALERT - canary 
mismatch on erealloc() - heap overflow detected (attacker '192.168.0.2', 
file '/var/www/roundcube/program/lib/DB/common.php', line 427), referer: 
https://webmail/
What's wrong here?
Thanks, Helmut

List info: http://lists.roundcube.net/users/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[RCU] canary mismatch on erealloc() - heap overflow detected