From owner-freebsd-questions Wed Mar 6 23:47:41 2002 Delivered-To: freebsd-questions@freebsd.org Received: from lv.raad.tartu.ee (lv.raad.tartu.ee [194.126.106.110]) by hub.freebsd.org (Postfix) with ESMTP id 50DB037B437 for ; Wed, 6 Mar 2002 23:47:31 -0800 (PST) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id g277lRK21846; Thu, 7 Mar 2002 09:47:27 +0200 Message-Id: <200203070747.g277lRK21846@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 7 Mar 02 09:46:56 +0200 Received: from SpoolDir by INFO (Mercury 1.48); 7 Mar 02 09:46:50 +0200 From: "Toomas Aas" Organization: Tartu City Government To: "Peter Brezny" , freebsd-questions@freebsd.org Date: Thu, 7 Mar 2002 09:46:40 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: getting hold of an older port version In-reply-to: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi Peter! On 6 Mar 02 at 13:38 you wrote: > Specifically mod_php4 using php 4.0.6 (yes I know it's vulnerable). The way I read the e-matters security advisory, PHP 4.0.6 *on FreeBSD* should be safe. Excrept from http://security.e-matters.de/advisories/012002.html: ----------------- cut here -------------------------------- PHP 4.0.6-4.0.7RC2 - broken boundary check (very easy to exploit) Finally I want to mention that the boundary check vulnerabilities are only exploitable on linux or solaris. ----------------- cut here -------------------------------- -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * @dress: A garment worn by some people when emailing at home. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message