[php-maint] Re: another batch of php security issues for review

Moritz Muehlenhoff jmm at inutil.org
Thu Aug 31 19:06:10 UTC 2006

Martin Schulze wrote:
> > CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier,
> > allows ...)
> > 
> > 	"buffer underflow" could lead to code execution, though it 
> > 	isn't clear exactly how exploitable it is.  according to the
> > 	patch:
> > 
> > 	http://bugs.php.net/bug.php?id=38322
> > 
> > 	looks like an off-by-one type error, with a simple enough fix, 
> > 	anyway.
> No, this is a non-issue.  It requires a malicious PHP script to work.
> The attacker could just use popen(), system() or any other means PHP
> offers.

We should fix this, it can be leveraged into code injection and there
seem to be applications, which use it in a vulnerable manner.
Also, the patch is easy to review and self-contained.

> > and i *think* that's it...
> Fair enough.  Thanks a lot!

Yes, thanks a lot Sean!


More information about the pkg-php-maint mailing list