Hash table vulnerability - PHP solution

From: Yitzchak Schaffer <yitzchak.schaffer_at_nyob>
Date: Fri, 30 Dec 2011 09:59:16 -0500
To: CODE4LIB_at_LISTSERV.ND.EDU 
Hi all,

In case y'all haven't heard, there's this mega-evil hash table DDoS 
domesday thing? Right. The NY PHP list pointed out that the problem can 
be handled deftly on PHP servers by using the Suhosin extension (not the 
patch) with the suhosin.request.max_vars setting (default should work).

http://www.hardened-php.net/suhosin/

More on this issue:
http://seclists.org/fulldisclosure/2011/Dec/486

-- 
Yitzchak Schaffer
Systems Manager
Touro College Libraries
212.742.8770 ext. 2432
http://www.tourolib.org/
Received on Fri Dec 30 2011 - 10:00:38 EST

URL: http://serials.infomotions.com/code4lib/