Date: Sat, 22 Mar 2008 18:58:41 -0400
From: Micah Anderson <micah@...eup.net>
To: oss-security@...ts.openwall.com
Subject: CVE Request: PHP PECL module APC vulnerable to stack-based buffer overflow

As this ticket demonstrates, the popular PHP PECL extension APC
(Alternative PHP Cache: http://pecl.php.net/package/APC), which is
slated for inclusion in PHP core in PHP6, is vulnerable to a stack-based
buffer overflow attack due to no bounds checking, which can lead to a
privilege escalation.

http://pecl.php.net/bugs/bug.php?id=13415

The vulnerable code appeared in the APC CVS on June 30th, so APC 3.0.11
and newer are vulnerable.

Thanks,
Micah