Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 08 Aug 2008 15:31:45 +0200
From: Christian Hoffmann <hoffie@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: php-5.2.6 overflow issues

Heya,

two security issues, which might possibly allow for arbitrary code 
execution (afaik nobody has analyzed the details...), but at least DoS 
(think of FastCGI setups), were silently fixed in PHP again:

   * Overflow in ext/gd's imageloadfont() function [1] [2] [3]
   * Overflow in php's internal memnstr() function which is exposed
     to userspace as "explode()" [1] [2] [4] [5]

As those functions might take user-supplied data in certain webapps 
(which is a valid use case at least in case of explode()), those issues 
should probably expected to be remotely exploitable.

Those issues are fixed by the recent php-4.4.9 release, but they affect 
php-5.2.6 as well and the fixes are not part of any released version in 
case of 5.2.

Can we get CVEs for these please? :)


[1] http://bugs.gentoo.org/show_bug.cgi?id=234102
[2] http://www.php.net/archive/2008.php#id2008-08-07-1
[3] http://news.php.net/php.cvs/51219
[4] http://news.php.net/php.cvs/52039
[5] http://news.php.net/php.cvs/52002

-- 
Christian Hoffmann


Download attachment "signature.asc" of type "application/pgp-signature" (261 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.