Date: Tue, 12 Aug 2008 20:45:58 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...re.org Subject: Re: CVE request: php-5.2.6 overflow issues On Fri, 8 Aug 2008, Christian Hoffmann wrote: > two security issues, which might possibly allow for arbitrary code > execution (afaik nobody has analyzed the details...), but at least DoS > (think of FastCGI setups), were silently fixed in PHP again: > > * Overflow in ext/gd's imageloadfont() function    Use CVE-2008-3658, to be filled in later - I'm assuming this is a distinct component that doesn't just affect PHP. > * Overflow in php's internal memnstr() function which is exposed > to userspace as "explode()"     Use CVE-2008-3659. For the FastCGI "foo..php" issue, use CVE-2008-3660. These will be filled in later. > As those functions might take user-supplied data in certain webapps > (which is a valid use case at least in case of explode()), those issues > should probably expected to be remotely exploitable. We use the term "context-dependent" to cover cases where the reachability and remote/local nature of the issue can vary widely, depending on how the product is used. This term typically applies to libraries or interpreters that are used by third-party applications. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ