Found security expliot in port phpBB 2.0.8 FreeBSD4.10
cadams at salk.edu
cadams at salk.edu
Wed Dec 29 14:23:23 PST 2004
On Wed, Dec 29, 2004 at 12:51:15PM -0800, Avleen Vig wrote:
> > Julian Elischer <julian at elischer.org> writes:
> > > might be a good idea if we "urged" users to update their phpbb a bit
> > > more vocally.
>
> I was under the impression, that upgrading to PHP 4.3.10 would also fix
> this, or was that a different issue?
There have been multiple issues being attacked: 4.3.10 fixes a problem
where you could exploit code which accepted serialized data structures
directly from clients; most of the prolems were caused, however, by a
bug in phpBB which had nothing to do with this.
In either case the problem has very little to do with PHP - it's yet
another case of programmers not sanitizing input from untrusted
sources.
Chris
More information about the freebsd-security
mailing list