|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [VulnDiscuss] Php RFC1867 Upload Vuln. POC Released
From: Stefano Di Paola (stefano.dipaola
wisec.it)
Date: Thu Sep 30 2004 - 06:04:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Maybe Secunia tought it was the same issue but they're wrong the issue
is different it applies to 4.3.8 and 5.0.1. I didn't released a poc so
they found that (wrong and old) one...instead of contacting me...
"GPC input processing fixes." i think it reassumes both vulns i found.
Yes it's almost critical. But just in some cases.
You can find diff files on
http://cvs.php.net/php-src/main/php_variables.c 1.45.2.7
http://cvs.php.net/php-src/main/rfc1867.c 1.122.2.26
on php 4.3.x branch or 5.0.x branch
Regards,
Stefano
On Thu, 2004-09-30 at 12:43, Florian Weimer wrote:
> * Stefano Di Paola:
>
> > Php 4.3.9 and 5.0.2 have been released with the patch for this
> > vulnerability, so I've decided to release the POC for this vuln.
>
> Secunia reports that this is PHP issue #28456, which has been fixed in
> PHP 4.3.7. Can you confirm whether these defects are distinct or the
> same? The other issue in the 4.3.9 announcement is called "GPC input
> processing fixes", and it seems to be somewhat critical, too.
>
> Is anybody aware of minimal patches relative to PHP 4.3.8 (or earlier
> versions)?
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]