| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Mar 2007 15:17:38 +0100 From: Stefan Esser <sesser@...dened-php.net> To: Stefano Di Paola <stefano.dipaola@...ec.it> Cc: FD <full-disclosure@...ts.grok.org.uk>, phpsec <security@....net>, bugtraq@...urityfocus.com Subject: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Hello, > PHP import_request_variables() arbitrary variable overwrite > Date 20060307 > I believe all dates in the advisory contain the wrong year... > III. ANALYSIS > > import_request_variables() is not new to vulnerabilities: consider this > change log entry for 24 Nov 2005, PHP 5.1. > > [quote] > - Fixed potential GLOBALS overwrite via import_request_variables() and > possible crash and/or memory corruption. (Ilia) > [/quote] > Taking into account that the vulnerability you describe is fixed in Hardened-PHP for years and that there is also a protection against this in the Suhosin Extension you can be sure that this NOT a new vulnerability (and that you are not the first one who found it...) For the record, the same vulnerability was reported by me on the 23.10.2004 at 22:05 in a mail to security@....net (before I added the protection to Hardened-PHP) At that time the PHP developers considered it NOT A VULNERABILITY. Well now the PHP developers have commited a fix for this to the PHP CVS, crediting you instead of the original reporter (me) and as usual the fix is only fixing a part of the problem. (Hint: long names like HTTP_POST_VARS do exist...) Stefan Esser Hardened-PHP Project
Powered by blists - more mailing lists