Ticket #299 (new defect)

Opened 8 months ago

suhosin detects Heap Overflow

Reported by: andy
Assigned to: somebody
Priority: major
Milestone:
Component: eAccelerator
Version: 0.9.5
Keywords:
Cc:

Description

We are currently having problems using eAccelerator together with the Suhosin patch. If Suhosin and eA are enabled and Apache has been running for a few hours, Suhosin detects some errors:

ALERT - canary mismatch on efree() - heap overflow detected (attacker '89.55.*.*', file '/var/www/virtual/forum_new/lib/page/BoardPage.class.php', line 180), referer: http://diginights.com/forum/index.php?page=Index

If only eA is enabled, Apache simply segfaults and exits. If Suhosin is enabled and eA is disabled, everything works fine, but without eA, the thing makes no sense :(

For the user, this effect shows up as completely white PHP sites.

Our system:
Debian Etch
Kernel 2.6.22-3-amd64
PHP 5.2.5-2 with Suhosin-Patch 0.9.6.2
eA stable Release-0.9.5.2
The PHP software used is Woltlab Burning Board (http://woltlab.com).

Any ideas?

thx