Newsgroups: php.internals
Date: Thu, 26 Jun 2003 12:14:36 +0200 (CEST)
From: derick@php.net (Derick Rethans)
To: Simon Ejsing
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] Serious PHP crash, vaulnarable for every script.

On Thu, 26 Jun 2003, Simon Ejsing wrote:

> I've discovered a serious flaw and possibly a security issue in PHP. It is
> possible, by making a simple request to a PHP page, to crash the PHP thread
> with a Segmentation fault, no matter what the script does as it crashes
> before execution.
>
> I'm using PHP version 4.3.2 with Apache 2.0.46 on Linux, and have not found
> anything about this issue in the bug system. I have not tested with any other
> version, nor have I looked into a specific configuration to avoid this
> problem.
>
> I'm not sure where to report this issue, I don't want to explain how to do
> this to everyone, so if I could contact a developer personally I could
> explain the simple procedure.

Please contact security@php.net about this issue.

regards,
Derick

--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
 Derick Rethans                                 http://derickrethans.nl/
 International PHP Magazine                          http://php-mag.net/
-------------------------------------------------------------------------