Comment 24 for bug 227464

Revision history for this message
spinkham (steve-pinkham) wrote :

Impact:
  Fixed possible stack buffer overflow in FastCGI SAPI
    Impact:Potential DOS and remote code execution if using FastCGI
  Updated PCRE to deal with issues fixed in USN-581-1
    Impact:potential DOS and code execution
  Fixes CVE-2008-0599
    Impact:Potential DOS and remote code execution
  Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
    Impact: Potential overwriting of system files if cURL is in use
    POC code in the advisory: http://securityreason.com/achievement_securityalert/51
  Properly address incomplete multibyte chars inside escapeshellcmd()
    Impact: If I understand correctly, useful for bypassing character based filtering, leading to remotely running arbitrary commands on the shell