Newsgroups: php.internals
From: seanius@seanius.net (sean finney)
To: internals@lists.php.net
Date: Tue, 18 Sep 2007 21:30:39 +0200
Subject: CVE-2007-4840
Message-ID: <200709182130.44018.seanius@seanius.net>

hey guys,

i'm just going through the latest batch of CVE's and it doesn't look like there's a fix for CVE-2007-4840 yet:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840

Description

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

http://www.securityfocus.com/archive/1/archive/1/478730/100/0/threaded
http://securityreason.com/securityalert/3122

i took a quick look through CVS and i didn't see anything that looked like a fix. any comments?

thanks,
sean