Possible DoS attack with WordPress + PHP float issues with non-cached sites

  • fris
    Too lazy to set a custom title
    • Aug 2002
    • 55679

    #1


    There is a float issue with PHP and it could be used for a denial of service attack, by simply visiting the URL with many connections, like using the Apache benchmark tool. I submitted the bug to the WordPress Trac.

    just a warning/heads up.

    http://core.trac.wordpress.org/ticket/16097
    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.
  • Jack Sparrow
    Almost goners..
    • May 2008
    • 11420

    #2
    Thanks fris.


    • Klen
      • Aug 2006
      • 32235

      #3
      Nice to know you're even doing debugging now.


      • fris
        Too lazy to set a custom title
        • Aug 2002
        • 55679

        #4
        hopefully this will be fixed soon

        • bl4h
          Confirmed User
          • Jul 2006
          • 1282

          #5
          I only cared about the PHP bug part

          So I kept reading to find out where the problem is, and apparently it's an unfixable design flaw in Intel architecture. I don't think WordPress will be able to fix it, because no matter what you do, even if you attempt to sanitize the number via PHP, it's going to hit the bug. This doesn't affect all machines/setups; it's a hardware thing.
          Last edited by bl4h; 01-04-2011, 01:37 PM.


          • uno
            RIP Dodger. BEST.CAT.EVER
            • Dec 2002
            • 18450

            #6
            I can't wait to upgrade AGAIN!
            -uno
            icq: 111-914
            CrazyBabe.com - porn art
            MojoHost - For all your hosting needs, present and future. Tell them I sent ya!


            • rowan
              Too lazy to set a custom title
              • Mar 2002
              • 17393

              #7
              So this magic number is going to hang ANY php script which is expecting a number as an input variable?!? We're fucked then.

              Wonder if $blah = round($_GET["variable"]); will also hang?


              • rowan
                Too lazy to set a custom title
                • Mar 2002
                • 17393

                #8
                php -r "print 2.2250738585072011e-308;"

                Tried it on all my servers running various versions of FreeBSD and PHP... 32 bit OS versions consistently hang, 64 bit ones work fine.

                I bet a bunch of /b/'ers are creaming their pants right now.



                edit: to answer my earlier question, php -r "echo round(2.2250738585072011e-308);" also hangs. Looks like fixing PHP is the only solution.
                Last edited by rowan; 01-04-2011, 04:16 PM.
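
A string-level screen for the value tested in #8, as an added example that is not part of the thread and not WordPress or PHP project code. It compares request input as text only, on the assumption that the hang occurs when PHP converts the string to a float; the function names and sample requests are hypothetical and constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Digits of the value posted in #8 with the decimal point removed.
define('PROBLEM_DIGITS', '22250738585072011');

// True if $raw, handled purely as text, carries those digits.
// Assumption: the hang happens on string-to-float conversion, so only
// string functions are used and nothing is cast to a number.
function has_problem_digits($raw)
{
    // Dropping "." catches shifted forms such as 0.22250738585072011e-307.
    $text = str_replace('.', '', (string) $raw);
    return strpos($text, PROBLEM_DIGITS) !== false;
}

// Walk a request array ($_GET, $_POST, $_COOKIE), including nested arrays
// and parameter names, and report whether any entry matches.
function request_has_problem_digits($input)
{
    foreach ($input as $key => $value) {
        if (has_problem_digits($key)) {
            return true;
        }
        if (is_array($value)) {
            if (request_has_problem_digits($value)) {
                return true;
            }
        } elseif (has_problem_digits($value)) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests; the values stay quoted strings throughout.
$clean   = array('page' => '2', 'price' => '19.99');
$direct  = array('variable' => '2.2250738585072011e-308');
$shifted = array('filter' => array('min' => '0.22250738585072011e-307'));

var_dump(request_has_problem_digits($clean));
var_dump(request_has_problem_digits($direct));
var_dump(request_has_problem_digits($shifted));

// At the top of a front controller, before any input is used:
if (request_has_problem_digits($_GET) || request_has_problem_digits($_POST)) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}
```

The screen matches only the digit string posted in the thread and will also reject legitimate input that happens to contain it.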


                • V_RocKs
                  Damn Right I Kiss Ass!
                  • Nov 2003
                  • 32449

                  #9
                  Oh yeah... some of you fuckers are getting some love right now...

                  Muuaahhhahahahahahahaha!
