Date: Fri, 08 Aug 2008 15:31:45 +0200
From: Christian Hoffmann <hoffie@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: php-5.2.6 overflow issues

Heya,

two security issues, which might possibly allow for arbitrary code execution (afaik nobody has analyzed the details...), but at least DoS (think of FastCGI setups), were silently fixed in PHP again:

* Overflow in ext/gd's imageloadfont() function
* Overflow in php's internal memnstr() function which is exposed to userspace as "explode()"

As those functions might take user-supplied data in certain webapps (which is a valid use case at least in case of explode()), those issues should probably be expected to be remotely exploitable.

Those issues are fixed by the recent php-4.4.9 release, but they affect php-5.2.6 as well and the fixes are not part of any released version in case of 5.2.

Can we get CVEs for these please? :)

http://bugs.gentoo.org/show_bug.cgi?id=234102
http://www.php.net/archive/2008.php#id2008-08-07-1
http://news.php.net/php.cvs/51219
http://news.php.net/php.cvs/52039
http://news.php.net/php.cvs/52002

--
Christian Hoffmann