[Pmwiki-users] Security problem of php, is this problem in pmwiki too?

Jonathan Scott Duff duff
Thu Dec 16 08:17:56 CST 2004


On Thu, Dec 16, 2004 at 07:56:54AM -0700, Patrick R. Michaud wrote:
> Any script can have security holes, not just PHP scripts.  Perl gives
> a cgi-bin programmer even *more* rope with which to hang himself...
> 
> But I'll briefly address here the vulnerabilities from the article above.
> 
> [01 - pack() - integer overflow leading to heap bufferoverflow ]
> [02 - unpack() - integer overflow leading to heap info leak ]
> 
> None of PmWiki's scripts use the pack() or unpack() functions.

I'll just point out here that I don't think Pm is saying anything
about cookbook scripts that may be used with PmWiki. Caveat emptor
applies there.

-Scott
-- 
Jonathan Scott Duff
duff at pobox.com



More information about the pmwiki-users mailing list