oss-sec mailing list archives
Re: Re: Stefan Esser's 0day PHP SysCan flaw
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 11 Jul 2010 02:51:18 +0200
Hi,
* Pierre Joye <pierre.php () gmail com> [2010-06-30 18:53]:
> On Wed, Jun 30, 2010 at 5:32 PM, Raphael Geissert <geissert () debian org> wrote:
> > Raphael Geissert wrote:
> > > Here's a public, limited, explanation:
> > > http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
> >
> > And the fix by upstream:
> > http://svn.php.net/viewvc?view=revision&revision=300843
>
> And Stefan confirmed that the fix is correct (via one of his colleagues
> at SektionsEins).

JFYI, nice writeup from team Nibbles:
http://nibbles.tuxfamily.org/?p=1837

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.