
Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds



* Carlos Alberto Lopez Perez <clopez@igalia.com> [2012-02-02 14:46]:
> On 02/02/12 14:31, Stefan Esser wrote:
> > considering the fact that you write this email the very same day that a 
> > remote code execution vulnerability in PHP is found that is easy to 
> > exploit from remote and is greatly mitigated by the use of Suhosin you 
> > look pretty stupid. (In case of usage of Suhosin-Extension in default 
> > config, it is even completely killed).
> > 
> > Just saying.
> 
> I think that your words are out of tone, there is no need to be impolite
> 
> 
> And where is such exploit??? I don't see any CVE
> 
> http://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74

The fact that there is no CVE id or that you don't know about it, has nothing 
to do with something not existing:
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

Cheers
Nico
