Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 14 Mar 2011 16:54:22 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: format-string vulnerability in PHP
 Phar extension

Please use CVE-2011-1153 for this.

Thanks.

-- 
    JB



----- Original Message -----
> Hi,
> I just found several format-string vulnerability in PHP Phar
> extension, a
> bug has been filed in the PHP bugtracker (private):
> http://bugs.php.net/bug.php?id=54247
> On error several class methods passes the supplied argument to
> zend_throw_exception_ex()
> which prints a formatted error message using such value as the
> formatter
> string.
> 
> $ sapi/cli/php ../bug.php "%08x.%08x.%08x.%08x.%08x"
> PHP Fatal error: Uncaught exception 'PharException' with message
> 'unable to
> open phar for reading "00000008.00000000.bf95c204.0963e050.00000014"'
> in
> /home/felipe/dev/bug.php:4
> 
> Thanks.
> 
> --
> Regards,
> Felipe Pena

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.