[php-maint] Re: another batch of php security issues for review

Martin Schulze joey at infodrom.org
Tue Aug 29 05:48:42 UTC 2006

sean finney wrote:
> > > CVE-2006-3018 (Unspecified vulnerability in the session extension
> > > functionality in ...)
> > > 
> > > 	this seems similar to the above, only it can result in heap
> > > 	corruption, which makes me think that perhaps it's appropriate
> > > 	to fix it (though finding the fix will be less than fun)
> > 
> > If we had the fix, we could maybe think about attack vectors.  Right
> > now, nearly everything is unspecified and hence difficult to judge.
> it looks like it's caused by a possible double-close on an fd:
> http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=
> which would be easy enough to slide into 4.x.  though it's not clear
> that this is a security problem and not just a potential nasty bug.

Exactly.  Unless somebody explains this to be a security problem, I'd
leave it out of the update.

Beware of bugs in the above code; I have only proved it correct,
not tried it.  -- Donald E. Knuth
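
On the "security problem or nasty bug" question raised in the thread: the C sketch below is an added illustration, not PHP's mod_files.c code and not written by anyone in the thread. It shows the general hazard of closing a file descriptor twice (the second close can hit an unrelated descriptor that reused the number) and the usual guard of invalidating the field after the first close. The names `sess_file`, `sess_close_unsafe` and `sess_close_guarded` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical holder for a session file descriptor (not PHP's struct). */
struct sess_file { int fd; };

/* Unguarded close: the stale descriptor number stays in the struct. */
static void sess_close_unsafe(struct sess_file *s) { close(s->fd); }

/* Guarded close: invalidate the field so a second call is a no-op. */
static void sess_close_guarded(struct sess_file *s) {
    if (s->fd < 0) return;
    close(s->fd);
    s->fd = -1;
}

/* Returns 1 if fd refers to an open descriptor, 0 otherwise. */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Closes a session fd twice with an unrelated open() in between.
 * Returns 1 if the second close took down the unrelated descriptor,
 * 0 if it survived, -1 on setup failure. */
int double_close_hits_unrelated_fd(int guarded) {
    struct sess_file s = { open("/dev/null", O_RDONLY) };
    if (s.fd < 0) return -1;
    int stale = s.fd;

    if (guarded) sess_close_guarded(&s); else sess_close_unsafe(&s);

    /* Unrelated code opens a file; POSIX hands out the lowest free
     * number, which is the one that was just released. */
    int other = open("/dev/null", O_RDONLY);
    if (other < 0) return -1;
    int reused = (other == stale);

    /* The second (erroneous) close through the same struct. */
    if (guarded) sess_close_guarded(&s); else sess_close_unsafe(&s);

    int victim_closed = !fd_is_open(other);
    if (!victim_closed) close(other);
    return reused && victim_closed;
}

int main(void) {
    printf("unguarded: unrelated fd closed = %d\n", double_close_hits_unrelated_fd(0));
    printf("guarded:   unrelated fd closed = %d\n", double_close_hits_unrelated_fd(1));
    return 0;
}
```

Whether such a bug is exploitable depends on what the reused descriptor refers to and who can influence the timing, which is the part the thread leaves open.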
