[php-maint] Re: another batch of php security issues for review

Adam Conrad adconrad at debian.org
Tue Aug 29 11:19:50 UTC 2006

Martin Schulze wrote:
> sean finney wrote:
>> CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before
>> 5.1.3 has unknown ...)
>> 	gotta love the "unspecified".  looks like php doesn't perform
>> 	checks on the session name, which can contain any number of
>> 	malicious things and be used for sql injection, xss, etc.
>> 	not sure if this is another shoot-yourself-in-the-foot issue or
>> 	whether we should include the fix (which apparently is to only
>> 	allow session names with alphanumeric characters)
> Without more details I can't say more.  Hmm, it's said to be fixed in
> http://www.ubuntu.com/usn/usn-320-1 but not mentioned inside.
>> CVE-2006-3018 (Unspecified vulnerability in the session extension
>> functionality in ...)
>> 	this seems similar to the above, only it can result in heap
>> 	corruption, which makes me think that perhaps it's appropriate
>> 	to fix it (though finding the fix will be less than fun)
> If we had the fix, we could maybe think about attack vectors.  Right
> now, nearly everything is unspecified and hence difficult to judge.

Pre-made patches for both of these can be pulled from debian/patches in
the dapper-security sources.

... Adam
