[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PHP IMAP segfault

From: Jesse Keating <jkeating j2solutions net>
To: fedora-legacy-list redhat com
Subject: Re: PHP IMAP segfault
Date: Fri, 02 Dec 2005 09:21:42 -0800

On Fri, 2005-12-02 at 10:13 -0700, Michal Jaegermann wrote:
> If those headers are stored without checks in some fixed size memory
> region, and headers are bigger than that, then bad things will
> happen.  Backtraces you posted suggest that stack was indeed corrupted.
> In such case this is a security issue.

If we can prove the issue and reproduce it, we need to alert vendor-sec
for a CVE, and then keep quite about it until the public date is
reached.

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating

References:
- Re: PHP IMAP segfault
  - From: John Dalbec
- Re: PHP IMAP segfault
  - From: Michal Jaegermann

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]