Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8
From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 27 Sep 2011 01:27:23 +0200

2011/9/27 Johannes Schlüter <johannes () schlueters de>:

The old code didn't make code secure. There was still a high chance that
an attacker might exploit such a broken __autoload() function.

With this change, it is not a chance anymore but a fact. And that's
the whole point.


@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]