[imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Olivier
Hi, apache 2.2.16 php 5.3.3 *with suhosin* horde 4.0.3 imp 5.0.3 In my syslog, I have a lot of this message: suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file '.../services/ajax.php') And the search in dimp

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael J Rubinsky
Quoting Olivier oliv...@ablinux.com: Hi, apache 2.2.16 php 5.3.3 *with suhosin* horde 4.0.3 imp 5.0.3 In my syslog, I have a lot of this message: suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz
Quoting Olivier oliv...@ablinux.com: suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file '.../services/ajax.php') Still waiting for someone to tell me how a NULL character, by itself, is a security

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz
Quoting Rick Romero r...@havokmon.com: Quoting Michael M Slusarz slus...@horde.org: Quoting Olivier oliv...@ablinux.com: suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file '.../services/ajax.php')

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread azurIt
this can be disabled in suhosin: http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul __ Od: Michael M Slusarz Komu: imp@lists.horde.org Dátum: 23.05.2011 21:00 Predmet: Re: [imp] BUG: php 5 suhosin

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Olivier
Slusarz Komu: imp@lists.horde.org Dátum: 23.05.2011 21:00 Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator Quoting Rick Romero : Quoting Michael M Slusarz : Quoting Rick Romero : Quoting Michael M Slusarz : Quoting Olivier : suhosin[2446]: ALERT - ASCII-NUL chars

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread azurIt
__ Od: Michael M Slusarz Komu: imp@lists.horde.org Dátum: 23.05.2011 21:00 Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator Quoting Rick Romero : Quoting Michael M Slusarz : Quoting Rick Romero : Quoting Michael M Slusarz : Quoting Olivier

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Rick Romero
be disabled in suhosin: http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.disallow_nul __ Od: Michael M Slusarz Komu: imp@lists.horde.org Dátum: 23.05.2011 21:00 Predmet: Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX

Re: [imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

2011-05-23 Thread Michael M Slusarz
Quoting Rick Romero r...@havokmon.com: Actually, I run suhosin on FreeBSD 7.2-stable and haven't run into any issues. PHP 5.2.14 with Suhosin-Patch 0.9.7 (cli) (built: Aug 29 2010 20:06:55) The patch has been reported to work fine - apparently, it doesn't much with Zend internals. But