Posted on: 03/20/07 03:26pm
By: Yeraze
I'm currently setting up a Geeklog website for a DOD agency, and the TNOSC has blocked the 'search.php' because:
the script enables buffer overflow attacks.
Anyone know anything more specific about what they may be referring to? I found an old CVE (CVE-2005-4026) about search.php, but it wasn't about buffer overflows.
:banghead:
Re: Vulnerability in search.php?
Posted on: 03/20/07 03:37pm
By: Dirk
That's certainly the first I am hearing about it ...
If you can get any more information, please forward it (or ask it to be forwarded) to our security contact, i.e. geeklog-security(AT)lists.geeklog.net and we'll look into the issue.
CVE-2005-4026 was mostly harmless (a path disclosure) and shouldn't have anything to do with a buffer overflow.
bye, Dirk