 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Trent the Uncatchable <trent underscore the underscore uncatchable at yahoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PHP bugs - Effect on M0n0wall?
 Date:  Tue, 21 Dec 2004 22:54:32 +0100
On 21.12.2004 12:33 -0800, Trent the Uncatchable wrote:

> First time post, long time reader... :-)
> I've noticed some reports on some recently discovered
> bugs in PHP.  What kind of issues might there be with
> M0n0wall?  Are there any?

To me it doesn't look like any of that applies to m0n0wall. We don't
use safe_mode, and we only use (un)serialize() for the config cache
(= our own data). pack() is being used by the captive portal, but as
far as I can tell from the code diff, the pack() vulnerability only
applies to malformed format strings, which are fixed and don't depend
on user input in m0n0wall.

Don't forget that unless you're using the captive portal, nobody can
even get to the PHP pages on m0n0wall without authentication (which
is handled by mini_httpd). Nonetheless, we'll of course upgrade to
4.3.10 in the next release.

Let me know if there's any indication that one of these bugs might
indeed apply to m0n0wall.

- Manuel
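
The reply above turns on two checks: whether every pack() format string is a fixed literal, and whether unserialize() ever receives request data. The following Python triage script is an added example, not part of the original message or the m0n0wall code base, that lists those call sites in PHP source. The names `first_arg`, `audit_php` and `SAMPLE` and the PHP lines in the sample are constructed for illustration.

```python
import re
# Bare calls only (lookbehind skips unpack(), ->pack(), ::pack()); a quoted
# PHP string without "$" interpolation counts as a fixed literal.
CALL = re.compile(r"(?<![\w$>:])(pack|unserialize)\s*\(")
LITERAL = re.compile(r"""^(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\$]|\\.)*")$""")
REQUEST = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST|SERVER)\b")

def first_arg(src, pos):  # pos is the index just past the call's "("
    depth, quote, i = 0, None, pos
    while i < len(src):
        c = src[i]
        if quote:
            if c == "\\":
                i += 1                      # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c in "([":
            depth += 1
        elif c in ")]" and depth:
            depth -= 1
        elif depth == 0 and c in "),":      # top level: first argument ends
            break
        i += 1
    return src[pos:i].strip()

def audit_php(src):
    """Return (line, function, verdict, argument) per pack()/unserialize() call."""
    findings = []
    for m in CALL.finditer(src):
        arg = first_arg(src, m.end())
        if REQUEST.search(arg):
            verdict = "request-data"        # argument comes from the HTTP request
        elif m.group(1) == "pack" and LITERAL.match(arg):
            verdict = "fixed-format"        # format string is a constant
        else:
            verdict = "review"              # trace where the value comes from
        line = src.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), verdict, arg))
    return findings

SAMPLE = '''<?php
$cfg = unserialize(fread($fd, filesize($path)));
$hdr = pack("CCn", $code, $id, $len);
$bad = pack($_GET['fmt'], 1, 2);
$obj = unserialize($_COOKIE["state"]);
$out = unpack("nlen", $data);
'''  # constructed sample input, not m0n0wall code
print(*audit_php(SAMPLE), sep="\n")
```

This is a regex heuristic, not a PHP parser: comments and string literals that contain `pack(` also show up, so the output is a list of call sites to read, not a verdict.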