Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 May 2009 11:51:44 +0200
From: Oden Eriksson <oeriksson@...driva.com>
To: oss-security@...ts.openwall.com
Subject: Re: php mb_ereg_replace()

onsdag 13 maj 2009 09:40:20 skrev  Sebastian Krahmer:
> Hi,
>
> anyone aware of Bugtraq ID 34873 (http://www.securityfocus.com/bid/34873)?
> Seems there is no CVE or anything else (not even a patch).
>
> Sebastian

Got this reply from Derick Rethans asking on security@....net:

> It was brought to my attention there is a new security issue in php as shown 
> here:
> 
> http://www.securityfocus.com/bid/34873
> 
> Could you please advice?

How is this a bug, the documentation for mb_ereg_replace writes:

"If e  is specified, replacement  string will be evaluated as PHP 
expression. "

In the example "e" is specified, so of course it will execute the code. 

regards,
Derick

-- 
Regards // Oden Eriksson

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ