[php-maint] Re: another batch of php security issues for review
Moritz Muehlenhoff
jmm at inutil.org
Thu Aug 31 19:06:10 UTC 2006
Martin Schulze wrote:
> > CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier,
> > allows ...)
> >
> > "buffer underflow" could lead to code execution, though it
> > isn't clear exactly how exploitable it is. according to the
> > patch:
> >
> > http://bugs.php.net/bug.php?id=38322
> >
> > looks like an off-by-one type error, with a simple enough fix,
> > anyway.
>
> No, this is a non-issue. It requires a malicious PHP script to work.
> The attacker could just use popen(), system() or any other means PHP
> offers.
We should fix this; it can be leveraged into code injection, and there
seem to be applications which use it in a vulnerable manner.
Also, the patch is easy to review and self-contained.
> > and I *think* that's it...
>
> Fair enough. Thanks a lot!
Yes, thanks a lot Sean!
Cheers,
Moritz