Full Disclosure mailing list archives

Re: Advisory 11/2004: PHP memory_limit remote vulnerability

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 14 Jul 2004 09:55:45 +0200

* Stefan Esser:

  Application: PHP <= 4.3.7
               PHP5 <= 5.0.0RC3
     Severity: A vulnerability within PHP allows remote code
               execution on PHP servers with activated memory_limit
         Risk: Critical


Uh-oh.  Has anybody got a minimal patch to fix this issue (and only
this issue)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Advisory 11/2004: PHP memory_limit remote vulnerability Stefan Esser (Jul 13)
- Re: Advisory 11/2004: PHP memory_limit remote vulnerability Florian Weimer (Jul 14)