ID: 48036
Updated by: paj...@php.net
Reported By: y dot le dot ny at ifrance dot com
-Status: Open
+Status: Bogus
Bug Type: cURL related
Operating System: All (Linux and Sun Solaris)
PHP Version: 5.2.9
New Comment:

duplicated #48027

Previous Comments:
------------------------------------------------------------------------

[2009-04-21 12:36:54] y dot le dot ny at ifrance dot com

Description:
------------
There is a big security problem with the CURL module in PHP 5.2.9.

I use the latest stable release PHP 5.2.9 and the latest stable release Curl 7.19.4 on Redhat Enterprise Linux 3 and 4, on Sun Solaris 8 and 10, and I can reproduce the exploit that is explained at this URL:
http://securityreason.com/achievement_securityalert/61

Please find the problem and patch the PHP curl module's source code here:
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/

Reproduce code:
---------------
http://securityreason.com/achievement_securityalert/61

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=48036&edit=1