PHP IMAP segfault
Jesse Keating
jkeating at j2solutions.net
Fri Dec 2 17:21:42 UTC 2005
On Fri, 2005-12-02 at 10:13 -0700, Michal Jaegermann wrote:
> If those headers are stored without checks in some fixed size memory
> region, and headers are bigger than that, then bad things will
> happen. Backtraces you posted suggest that stack was indeed corrupted.
> In such case this is a security issue.
If we can prove the issue and reproduce it, we need to alert vendor-sec
for a CVE, and then keep quite about it until the public date is
reached.
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
More information about the fedora-legacy-list
mailing list