Date: Thu, 3 Mar 2011 15:22:04 -0500 From: Michael Scheidell <michael.scheidell@secnap.com> To: <freebsd-ports@freebsd.org> Subject: Re: PHP52 vulnerability Message-ID: <4D6FF86C.7070305@secnap.com> In-Reply-To: <4D6FF565.9070608@netfence.it> References: <4D6FF565.9070608@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
I question the vulnerability. I don't think it applies. the alert is from 2006, and there isn't a POC I have tested against php52- 5.2.17 with nulls in it that seems to trigger anything but 404 errors. (please don't try on ours... this is not a challenge. but if you have a POC, let me know and _I_ will try it) so, php 5.3? big differences! BIG. look at /usr/ports/UPDATING to see. php_ini needs changes also. On 3/3/11 3:09 PM, Andrea Venturoli wrote: > Is there any news on the horizon? > Will a new version be released and/or the port updated? > Any possible patch? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ______________________________________________________________________
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D6FF86C.7070305>