lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.20.9.1509161614320.7318@trent.utfs.org> Date: Wed, 16 Sep 2015 16:20:11 -0700 (PDT) From: Christian Kujau <lists@...dbynature.de> To: Taoguang Chen <taoguangchen@...il.com> Cc: fulldisclosure <fulldisclosure@...lists.org> Subject: Re: [FD] Use After Free Vulnerabilities in unserialize() On Sat, 5 Sep 2015, Taoguang Chen wrote: > The PoC works on standard MacOSX 10.11 installation of PHP 5.4.43. Has 10.11 been released yet? And MacOSX 10.10.5 already ships with PHP v5.5.27 $ php uafpoc.php Warning: Class __PHP_Incomplete_Class has no unserializer in uafpoc.php on line 20 bool(false) $ php -v PHP 5.5.27 (cli) (built: Jul 23 2015 00:21:59) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies -- BOFH excuse #394: Jupiter is aligned with Mars. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists