
SANS ISC: PHP 5.1 update with several security fixes SANS ISC InfoSec Forums

PHP 5.1 update with several security fixes
Summary of security fixes:

Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo().
Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd.
Fixed a possible $GLOBALS overwrite problem in file upload handling.
Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls.
Fixed an issue with trailing slashes in allowed basedirs.
Fixed an issue with calling virtual() on Apache 2.
Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.
Fixed a possible header injection in the mb_send_mail() function via the To address, the first parameter of the function.
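
For the mb_send_mail() item above, a defensive check that application code can apply to the first parameter regardless of the PHP version in use. This is an added example, not code from the PHP announcement or from this diary; `safe_recipients` is a hypothetical helper name, the sample addresses are constructed, and the code assumes PHP 7 or later for the type declarations.

```php
<?php
// Added example: hypothetical wrapper, not part of PHP or the original post.

/**
 * Validate a comma-separated recipient list before it is passed as the
 * first parameter of mb_send_mail(). Returns the normalised list, or
 * throws if any part could start a new header line or is not an address.
 */
function safe_recipients(string $to): string
{
    // CR, LF and NUL are what allow a value to break out of the To: header.
    if (preg_match('/[\r\n\0]/', $to)) {
        throw new InvalidArgumentException('control character in recipient');
    }

    $clean = [];
    foreach (explode(',', $to) as $addr) {
        $addr = trim($addr);
        // Accept bare addresses only; display names are out of scope here.
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("invalid recipient: $addr");
        }
        $clean[] = $addr;
    }
    return implode(', ', $clean);
}

// Constructed sample inputs, not taken from any real incident.
$samples = [
    'alice@example.org',
    'alice@example.org, bob@example.org',
    "alice@example.org\r\nBcc: other@example.net",
    'not-an-address',
];

foreach ($samples as $sample) {
    try {
        $to = safe_recipients($sample);
        // A real caller would now run: mb_send_mail($to, $subject, $body);
        echo "accept: $to\n";
    } catch (InvalidArgumentException $e) {
        echo 'reject: ', $e->getMessage(), "\n";
    }
}
```

The wrapper complements the upgrade rather than replacing it: it only covers the recipient parameter and none of the other fixes in this release.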

Announcement here

Thanks to Juha-matti!



Adrien de Beaupre

ISC Handler
Nov 25th 2005
