--On October 15, 2006 2:50:34 PM -0400 Bill Moran
<[EMAIL PROTECTED]> wrote:
Have you looked at the vulnerability? There are only certian coding
instances that would actually open this up to any attack vector. Since
the bug is in unserialize, it's pretty easy audit a program to ensure
that it isn't vulnerable.
"absolute fool" seems a little extreme.
Perhaps. How many people are talented enough to understand the
vulnerability and how it's exploited and know *for certain* that they
won't have a problem?
It would be different if we were talking about an app that isn't exploited
much. Php is exploited every day, even when it's fully patched, due to
the complexity of the attacks and the lack of understanding of most people
who code in php.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/