Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Mar 2011 15:22:04 -0500
From:      Michael Scheidell <michael.scheidell@secnap.com>
To:        <freebsd-ports@freebsd.org>
Subject:   Re: PHP52 vulnerability
Message-ID:  <4D6FF86C.7070305@secnap.com>
In-Reply-To: <4D6FF565.9070608@netfence.it>
References:  <4D6FF565.9070608@netfence.it>

next in thread | previous in thread | raw e-mail | index | archive | help
I question the vulnerability.  I don't think it applies.  the alert is 
from 2006, and there isn't a POC I have tested against php52- 5.2.17 
with nulls in it that seems to trigger anything but 404 errors.
(please don't try on ours...  this is not a challenge. but if you have a 
POC, let me know and _I_ will try it)


so, php 5.3? big differences!  BIG.  look at /usr/ports/UPDATING to 
see.  php_ini needs changes also.

On 3/3/11 3:09 PM, Andrea Venturoli wrote:
> Is there any news on the horizon?
> Will a new version be released and/or the port updated?
> Any possible patch?

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
 >*| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D6FF86C.7070305>