[php-maint] Re: another batch of php security issues for review
Martin Schulze
joey at infodrom.org
Tue Aug 29 05:48:42 UTC 2006
sean finney wrote:
> > > CVE-2006-3018 (Unspecified vulnerability in the session extension
> > > functionality in ...)
> > >
> > > this seems similar to the above, only it can result in heap
> > > corruption, which makes me think that perhaps it's appropriate
> > > to fix it (though finding the fix will be less than fun)
> >
> > If we had the fix, we could maybe think about attack vectors. Right
> > now, nearly everything is unspecified and hence difficult to judge.
>
> it looks like it's caused by a possible double-close on an fd:
>
> http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.100.2.2&r2=1.100.2.3&pathrev=PHP_5_2
>
> which would be easy enough to slide into 4.x. though it's not clear
> that this is a security problem and not just a potential nasty bug.

Exactly. Unless somebody explains this to be a security problem, I'd
leave it out of the update.

--
Beware of bugs in the above code; I have only proved it correct,
not tried it. -- Donald E. Knuth