Full Disclosure mailing list archives
Re: Critical PHP bug - act ASAP if you are running web with sensitive data
From: Jasper Bryant-Greene <jasper () album co nz>
Date: Wed, 29 Mar 2006 17:54:27 +1200
Tõnu Samuel wrote:
> Jasper Bryant-Greene wrote:
>> My point is, can you think of a logical reason why html_entity_decode would be run on user input? I'm sure some idiot is doing it (and therefore this is a security issue, though not exactly critical), but I don't think I can think of a reason why it would be done.
>>
>> Why would you want to decode HTML entities given by a user? The opposite (encode their input into HTML entities) is the usual approach...
>
> Ok, this "critical" is my fault. Seeing memory dump of other user data seems serious enough to me and I suspected it might affect different functions despite this one. Now when we know more, I agree that it is less critical than suspected by me. Still it is a problem and as subject told: "if you are running web with sensitive data". Malicious user can upload new script and see what others are doing. In most cases not so critical as I assumed but still bad enough and I really expect to see announcements for such problems faster and patches to come out (I mean RPM-s this time). Right now my systems are unprotected till I start to make packages myself or Novell is going to make one. Three weeks is too much. And what about PHP 4.x and 5.0 users?
Sure, this is still a fairly serious bug. (As an aside, if you have sensitive data, you really shouldn't allow users to upload new scripts, or be running in a shared hosting env.)
I can't speak for other distros, but there's a bug in Gentoo Bugzilla for this: http://bugs.gentoo.org/127939
Jasper