[php-maint] Re: another batch of php security issues for review
joey at infodrom.org
Tue Aug 29 05:48:42 UTC 2006
sean finney wrote:
> > > CVE-2006-3018 (Unspecified vulnerability in the session extension
> > > functionality in ...)
> > >
> > > this seems similar to the above, only it can result in heap
> > > corruption, which makes me think that perhaps it's appropriate
> > > to fix it (though finding the fix will be less than fun)
> > If we had the fix, we could maybe think about attack vectors. Right
> > now, nearly everything is unspecified and hence difficult to judge.
> it looks like it's caused by a possible double-close on an fd:
> which would be easy enough to slide into 4.x. though it's not clear
> that this is a security problem and not just a potential nasty bug.
Exactly. Unless somebody explains this to be a security problem, I'd
leave it out of the update.
Beware of bugs in the above code; I have only proved it correct,
not tried it. -- Donald E. Knuth
More information about the pkg-php-maint