[php-maint] Re: another batch of php security issues for review
jmm at inutil.org
Thu Aug 31 19:06:10 UTC 2006
Martin Schulze wrote:
> > CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier,
> > allows ...)
> > "buffer underflow" could lead to code execution, though it
> > isn't clear exactly how exploitable it is. according to the
> > patch:
> > http://bugs.php.net/bug.php?id=38322
> > looks like an off-by-one type error, with a simple enough fix,
> > anyway.
> No, this is a non-issue. It requires a malicious PHP script to work.
> The attacker could just use popen(), system() or any other means PHP
We should fix this; it can be leveraged into code injection, and there
seem to be applications that use it in a vulnerable manner.
Also, the patch is easy to review and self-contained.
> > and i *think* that's it...
> Fair enough. Thanks a lot!
Yes, thanks a lot Sean!