Date: Fri, 08 Aug 2008 15:31:45 +0200
From: Christian Hoffmann <hoffie@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: php-5.2.6 overflow issues

Heya,

two security issues, which might possibly allow for arbitrary code 
execution (afaik nobody has analyzed the details...), but at least DoS 
(think of FastCGI setups), were silently fixed in PHP again:

   * Overflow in ext/gd's imageloadfont() function [1] [2] [3]
   * Overflow in php's internal memnstr() function which is exposed
     to userspace as "explode()" [1] [2] [4] [5]

As those functions might take user-supplied data in certain webapps
(which is a valid use case at least in case of explode()), those issues
should probably be expected to be remotely exploitable.

Those issues are fixed by the recent php-4.4.9 release, but they affect 
php-5.2.6 as well and the fixes are not part of any released version in 
case of 5.2.

Can we get CVEs for these please? :)


[1] http://bugs.gentoo.org/show_bug.cgi?id=234102
[2] http://www.php.net/archive/2008.php#id2008-08-07-1
[3] http://news.php.net/php.cvs/51219
[4] http://news.php.net/php.cvs/52039
[5] http://news.php.net/php.cvs/52002

-- 
Christian Hoffmann
