[php-maint] Bug#354683: PHP 4.3.10-16 (sarge) remains vulnerable to
info at moritz-naumann.com
Tue Aug 15 00:09:43 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
claim CVE-2006-0207 would not apply to sarges' 4.3.10-16. However, it
The false assumption that the advisory by Stefan Esser (Hardened PHP) at
http://www.hardened-php.net/advisory_012006.112.html would cover both
vectors of CVE-2006-0207, has likely led to an incorrect conclusion of
assuming that CVE-2006-0207 would not affect sarge. However, by my
understanding, this advisory only covers the session injection vector
(vector 1 as mentioned in CVE-2006-0207), not the header() injection
issue (vector 2 as mentioned in CVE-2006-0207) which affects upstream
PHP4 < 4.4.2 and PHP5 < 5.1.2, and also affects sarges' 4.3.10-16.
echo '<?php header("Location: http://example.org/".$_GET["x"]); ?>' \
Then direct your web browser to
(obviously, replace MYDEFAULTHOST by whatever (virtual)host you can
access this script through).
'0' or a client (not PHP!) error with most HTTP clients. You should also
see a page saying "Vulnerable PHP version detected." if you're vulnerable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the pkg-php-maint