Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 1 Jul 2011 17:37:20 +0200
From: Tomas Hoger <thoger@...hat.com>
To: OSS Security <oss-security@...ts.openwall.com>
Cc: cxib@...urityreason.com
Subject: php ZipArchive::addGlob() crashes on invalid flags

Hi!

Following PHP bug is marked as security and lists CVE-2011-1657:

https://bugs.php.net/bug.php?id=54681
http://svn.php.net/viewvc/?view=revision&revision=310814

The fix is committed, hence should be released with 5.3.7.

Reporter mentions this really was an underlying glob() implementation
flaw, but that's not entirely true.  Maybe there are some flags that
are not recognized by glob() and still cause it to crash, but the
crashes I've been able to reproduce were due to the use of flags
supported by glob() that require some glob_t struct setup before
calling glob() (such as GLOB_ALTDIRFUNC).

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.