Bugtraq mailing list archives
Critical PHP bug - act ASAP if you are running web with sensitive data
From: Tõnu Samuel <tonu () jes ee>
Date: Tue, 28 Mar 2006 15:55:24 +0300
Hi everybody! I want to tell that pretty nasty bug was discovered in PHP (all tested versions were vulnerable). I do not want to disclose much details as it may hurt many websites. I expect PHP team to make patch first. There is simple way to protect yourself against this bug if you put some code in beginning of every source code looking for weird ASCII bytes before any other code. Make some kind of "white-list" for characters you allow and deny everything else. More details to come when we have PHP patches distributed with major distributions. I might disclose details before to some IDS vendor or other trusted party. Tõnu
Current thread:
- Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
- Message not available
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Stefan Esser (Mar 28)
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are runningweb with sensitive data Tõnu Samuel (Mar 29)
- Message not available
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jasper Bryant-Greene (Mar 29)
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 29)
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Jeff Rosowski (Mar 31)
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data Stefan Esser (Mar 28)
- Message not available