Found security expliot in port phpBB 2.0.8 FreeBSD4.10

cadams at salk.edu cadams at salk.edu
Wed Dec 29 14:23:23 PST 2004


On Wed, Dec 29, 2004 at 12:51:15PM -0800, Avleen Vig wrote:
> > Julian Elischer <julian at elischer.org> writes:
> > > might be a good idea if we "urged" users to update their phpbb  a bit
> > > more vocally.
> 
> I was under the impression, that upgrading to PHP 4.3.10 would also fix
> this, or was that a different issue?

There have been multiple issues being attacked: 4.3.10 fixes a problem
where you could exploit code which accepted serialized data structures
directly from clients; most of the prolems were caused, however, by a
bug in phpBB which had nothing to do with this.

In either case the problem has very little to do with PHP - it's yet
another case of programmers not sanitizing input from untrusted
sources.

Chris


More information about the freebsd-security mailing list