oss-sec mailing list archives
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8
From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 27 Sep 2011 01:27:23 +0200
2011/9/27 Johannes Schlüter <johannes () schlueters de>:
The old code didn't make code secure. There was still a high chance that an attacker might exploit such a broken __autoload() function.
With this change, it is not a chance anymore but a fact. And that's the whole point. -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8, (continued)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
- RE: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Zeev Suraski (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Rasmus Lerdorf (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
- Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 26)
- Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Johannes Schlüter (Sep 26)
- Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 26)