Newsgroups: php.internals
From: kameshj@fastmail.fm ("Kamesh Jayachandran")
To: internals@lists.php.net
Date: Tue, 20 Jul 2004 01:42:50 -0700
Message-ID: <1090312970.20797.200698630@webmail.messagingengine.com>
Subject: Want to know about security vulnerability that was fixed in PHP4.3.8

Hi All,

I have PHP-4.2.3. As per http://security.e-matters.de/advisories/112004.html, my PHP is vulnerable. I have an overview of the problem. Can someone answer my questions, which would make my understanding of the problem even better?

1) Only code that tries to create/initialize a Non-Persistent hash table is vulnerable under certain cases. True or False?
2) How come some remote attacker can set the Destructor to point to the function of his choice?
3) Where can I get the patch for this vulnerability for PHP-4.2.3?
4) Can someone point to the executable test case for this problem so that I can test before and after incorporating the fix?

With regards,
Kamesh Jayachandran