[wp-hackers] Fwd: Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
Aaron Brazell
emmensetech at gmail.com
Mon Oct 9 16:01:58 GMT 2006
On 10/9/06, Dr Deviant <deviant at dr-deviant.net> wrote:
> no security update planned for a critical fix... not very important then?
> :)
>
Since WP relies on a minimum of 4.1.2 (I seem to recall this was the
version) then I'm not bringing it up as a "what do we do about PHP" area of
concern. We won't be relying on 5.2 for a long time, methinks.

However, maybe looking at why we serialize arrays and if there's another way
to skin the cat that circumvents the issue altogether.

I don't know how critical this really is. The bugtraq reporter calls it that
but I don't know that it's easily exploited, etc. Maybe a non-issue, but I
figured bringing it to the attention of the list might generate some
conversation on it.
--
Aaron Brazell
Author & Blogger, http://technosailor.com
Systems Admin, http://b5media.com
Technology Channel Editor, http://b5media.com
"The internet is a series of tubes." -Sen. Ted Stevens