Full Disclosure mailing list archives
Re: PHP import_request_variables() arbitrary variable overwrite
From: Stefan Esser <sesser () hardened-php net>
Date: Sat, 10 Mar 2007 15:17:38 +0100
Hello,
PHP import_request_variables() arbitrary variable overwrite Date 20060307
I believe all dates in the advisory contain the wrong year...
III. ANALYSIS import_request_variables() is not new to vulnerabilities: consider this change log entry for 24 Nov 2005, PHP 5.1. [quote] - Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption. (Ilia) [/quote]
Taking into account that the vulnerability you describe is fixed in Hardened-PHP for years and that there is also a protection against this in the Suhosin Extension you can be sure that this NOT a new vulnerability (and that you are not the first one who found it...) For the record, the same vulnerability was reported by me on the 23.10.2004 at 22:05 in a mail to security () php net (before I added the protection to Hardened-PHP) At that time the PHP developers considered it NOT A VULNERABILITY. Well now the PHP developers have commited a fix for this to the PHP CVS, crediting you instead of the original reporter (me) and as usual the fix is only fixing a part of the problem. (Hint: long names like HTTP_POST_VARS do exist...) Stefan Esser Hardened-PHP Project _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PHP import_request_variables() arbitrary variable overwrite Stefano Di Paola (Mar 08)
- Re: PHP import_request_variables() arbitrary variable overwrite Stefan Esser (Mar 10)
- Re: PHP import_request_variables() arbitrary variable overwrite ascii (Mar 10)
- Re: PHP import_request_variables() arbitrary variable overwrite Stefano Di Paola (Mar 10)
- Re: PHP import_request_variables() arbitrary variable overwrite Stefan Esser (Mar 10)
- Re: PHP import_request_variables() arbitrary variable overwrite Stefan Esser (Mar 10)