March 3rd, 2007
Stefan Esser's Month of PHP Bugs project is going strong, and here are five more vulnerabilities exposed on March 2nd, 2007:
- PHP 4 unserialize() ZVAL Reference Counter Overflow: During unserialisation of user-supplied data that contains a lot of references to a variable, the internal 16-bit zval reference counter can overflow. This leads to an exploitable double dtor condition.
- PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability: Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU resources on 64-bit systems.
- Zend Platform Insecure File Permission Local Root Vulnerability: Several binaries and shell scripts installed by the Zend Platform are installed with unsafe permissions that might allow an attacker to gain root privileges.
- Zend Platform ini_modifier Local Root Vulnerability: The ini_modifier of the Zend Platform can be tricked by a local user into editing the system php.ini file, which can be used to obtain root privileges.
- PHP 4 phpinfo() XSS Vulnerability (Deja-vu): phpinfo() does not escape the content of user-supplied arrays in GET, POST or COOKIE variables when it displays them, which leads to an XSS vulnerability.
March 3rd, 2007
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
Details about the incident: wordpress.org
March 1st, 2007
As promised, I will keep a close eye on Stefan Esser's Month of PHP Bugs project during March 2007. Here are the vulnerabilities exposed on March 1st, 2007:
- PHP Variable Destructor Deep Recursion Stack Overflow: The destruction of deeply nested PHP arrays will exhaust all available stack, which leads to remotely triggerable crashes.
- PHP Executor Deep Recursion Stack Overflow: A deep recursion of PHP userland code will exhaust all available stack, which leads to a sometimes remotely triggerable crash.
- PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability: In PHP 4, userland code is able to overflow the internal 16-bit zval reference counter by creating many references to a variable. This leads to an exploitable double dtor condition.
I guess we’ll wait to see what PHP bugs tomorrow brings.
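The 16-bit reference counter overflow named in the March 1st and March 2nd entries, modelled as an added example (not code from PHP or from the advisories). The struct and function names are hypothetical, and the saturating check is one possible mitigation assumed here, not necessarily the fix PHP adopted.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy refcounted value; hypothetical names, not PHP's real zval layout. */
typedef struct {
    uint16_t refcount;  /* 16-bit counter, the width the entries describe */
    int dtor_calls;     /* how many times the destructor has run */
} toy_val;

/* Unchecked: incrementing a counter that holds 65535 wraps it to 0. */
static void addref_unchecked(toy_val *v) { v->refcount++; }

/* Checked (assumed mitigation): refuse a new reference once saturated,
   so the caller has to copy the value instead of sharing it. */
static int addref_checked(toy_val *v) {
    if (v->refcount == UINT16_MAX) return -1;
    v->refcount++;
    return 0;
}

/* Drop one reference; the destructor runs when the count reaches zero. */
static void release(toy_val *v) {
    if (--v->refcount == 0) v->dtor_calls++;
}

/* Take `extra` additional references, then let every holder release.
   Returns the number of destructor runs; anything above 1 is a double dtor. */
static int simulate(uint32_t extra, int checked) {
    toy_val v = { 1, 0 };   /* one initial owner */
    uint32_t holders = 1;
    for (uint32_t i = 0; i < extra; i++) {
        if (checked) {
            if (addref_checked(&v) != 0) break;  /* reference refused */
        } else {
            addref_unchecked(&v);
        }
        holders++;
    }
    for (uint32_t i = 0; i < holders; i++) release(&v);
    return v.dtor_calls;
}

int main(void) {
    printf("unchecked, 65536 extra refs: %d dtor runs\n", simulate(65536, 0));
    printf("checked,   65536 extra refs: %d dtor runs\n", simulate(65536, 1));
    return 0;
}
```

In the unchecked run the counter reads 1 while 65537 holders exist, so the first release destroys the value and the remaining holders are left pointing at it until the count reaches zero a second time.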
March 1st, 2007
Eyeball Interactive Connectivity Establishment (ICE) can now be integrated with version 2.0 of CableLabs's PacketCable firewall and NAT traversal. A smart traversal-state-machine inside the AnyFirewall engine handles the complexities of STUN (simple traversal of UDP through network address translators) and TURN protocols, NAT or firewall types, transport methods, ICE candidates, and delivery checks, the company explains. It enables rapid integration with third-party components such as SIP stacks, RTP libraries, and voice/video engines for building feature-rich applications. Because an image is worth 1000 words, this is the Eyeball AnyFirewall Engine Architecture:
