|
Date: Fri, 08 Aug 2008 15:31:45 +0200
From: Christian Hoffmann <hoffie@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: php-5.2.6 overflow issues
Heya,
two security issues, which might possibly allow for arbitrary code
execution (afaik nobody has analyzed the details...), but at least DoS
(think of FastCGI setups), were silently fixed in PHP again:
* Overflow in ext/gd's imageloadfont() function [1] [2] [3]
* Overflow in php's internal memnstr() function which is exposed
to userspace as "explode()" [1] [2] [4] [5]
As those functions might take user-supplied data in certain webapps
(which is a valid use case at least in case of explode()), those issues
should probably expected to be remotely exploitable.
Those issues are fixed by the recent php-4.4.9 release, but they affect
php-5.2.6 as well and the fixes are not part of any released version in
case of 5.2.
Can we get CVEs for these please? :)
[1] http://bugs.gentoo.org/show_bug.cgi?id=234102
[2] http://www.php.net/archive/2008.php#id2008-08-07-1
[3] http://news.php.net/php.cvs/51219
[4] http://news.php.net/php.cvs/52039
[5] http://news.php.net/php.cvs/52002
--
Christian Hoffmann
Download attachment "signature.asc" of type "application/pgp-signature" (261 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.