Hi,
apache 2.2.16
php 5.3.3 *with suhosin*
horde 4.0.3
imp 5.0.3
In my syslog, I have a lot of this message:
suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file
'.../services/ajax.php')
And the search in dimp
Quoting Olivier oliv...@ablinux.com:
Hi,
apache 2.2.16
php 5.3.3 *with suhosin*
horde 4.0.3
imp 5.0.3
In my syslog, I have a lot of this message:
suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
file
Quoting Olivier oliv...@ablinux.com:
suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
file '.../services/ajax.php')
Still waiting for someone to tell me how a NULL character, by itself,
is a security
Quoting Rick Romero r...@havokmon.com:
Quoting Michael M Slusarz slus...@horde.org:
Quoting Olivier oliv...@ablinux.com:
suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
file '.../services/ajax.php')
this can be disabled in suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul
__
Od: Michael M Slusarz
Komu: imp@lists.horde.org
Dátum: 23.05.2011 21:00
Predmet: Re: [imp] BUG: php 5 suhosin
Slusarz Komu: imp@lists.horde.org
Dátum: 23.05.2011 21:00
Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator
Quoting Rick Romero :
Quoting Michael M Slusarz : Quoting Rick Romero :
Quoting Michael M Slusarz : Quoting Olivier :
suhosin[2446]: ALERT - ASCII-NUL chars
__
Od: Michael M Slusarz Komu: imp@lists.horde.org
Dátum: 23.05.2011 21:00
Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator
Quoting Rick Romero :
Quoting Michael M Slusarz : Quoting Rick Romero :
Quoting Michael M Slusarz : Quoting Olivier
be disabled in suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul
__
Od: Michael M Slusarz Komu: imp@lists.horde.org
Dátum: 23.05.2011 21:00
Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX
Quoting Rick Romero r...@havokmon.com:
Actually, I run suhosin on FreeBSD 7.2-stable and haven't run into
any issues.
PHP 5.2.14 with Suhosin-Patch 0.9.7 (cli) (built: Aug 29 2010 20:06:55)
The patch has been reported to work fine - apparently, it doesn't much
with Zend internals.
But