Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Sat, 13 Dec 2008 19:07:59 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re:  Re: CVE Request - roundcubemail

* Florian Weimer:

> * Raphael Geissert:
>
>> I became aware of some sort of code execution vulnerability one day
>> before that ticket was reported. After reviewing the file I
>> determined that it isn't a vulnerability in roundcube, but in PHP
>> itself; but I'm open to be proved wrong.
>
> I think this is a documented feature of preg_replace with the "e"
> flag, comparable to what happens when you use string concatenation to
> create SQL statements.

Scratch that, I had an off-by-one error in matching search/replace
terms. 8-(

Therefore, I agree with Raphael that the issue has not been found yet.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux