Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10

看板FB_security作者時間21年前 (2004/12/30 06:25), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串14/18 (看更多)
On Wed, Dec 29, 2004 at 12:51:15PM -0800, Avleen Vig wrote: > > Julian Elischer <julian@elischer.org> writes: > > > might be a good idea if we "urged" users to update their phpbb a bit > > > more vocally. > > I was under the impression, that upgrading to PHP 4.3.10 would also fix > this, or was that a different issue? There have been multiple issues being attacked: 4.3.10 fixes a problem where you could exploit code which accepted serialized data structures directly from clients; most of the prolems were caused, however, by a bug in phpBB which had nothing to do with this. In either case the problem has very little to do with PHP - it's yet another case of programmers not sanitizing input from untrusted sources. Chris _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 cadams. 的文章
文章代碼(AID): #11qoxb00 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 14 之 18 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共18篇)
更多 cadams. 的文章
文章代碼(AID): #11qoxb00 (FB_security)