Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Sep 2011 07:56:34 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: security@....net
Subject: CVE request: is_a() function may allow arbitrary code execution in
 PHP 5.3.7/5.3.8

Could a CVE be assigned for this flaw?  PHP 5.3.7 changed how the is_a()
function worked, and as a result it could allow for remote arbitrary
code execution if certain specific conditions are met (the blog post
referenced below has a good writeup of the flaw).

http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
https://bugs.php.net/bug.php?id=55475
https://bugzilla.redhat.com/show_bug.cgi?id=741020

It looks like this is the fix:

http://svn.php.net/viewvc/?view=revision&amp;revision=317183

Thanks.

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ