Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 Mar 2015 09:32:25 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: Tyler Hicks <tyhicks@...onical.com>
Cc: oss-security@...ts.openwall.com, "security@....net" <security@....net>
Subject: Re: CVE Request: PHP SoapClient's __call() type
 confusion through unserialize()

On Tue, Mar 31, 2015 at 1:49 AM, Tyler Hicks <tyhicks@...onical.com> wrote:

> On 2015-03-30 23:42:01, Tomas Hoger wrote:
> > On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
> >
> > > I'd like to request a CVE for the PHP Sec Bug #69085.
> > >
> > > Description:
> > > SoapClient's __call() method is prone to a type confusion
> > > vulnerability which can be used to gain remote code execution through
> > > unsafe unserialize() calls.
> > >
> > > Info:
> > > https://bugs.php.net/bug.php?id=69085
> >
> > There is another unserialize issue fixed in 5.6.7, 5.5.23 and 5.4.39
> > and currently listed on PHP 5 Changelog page:
> >
> > http://php.net/ChangeLog-5.php
> >
> > Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
> (CVE-2015-0231)
> > https://bugs.php.net/68976
>
> I believe that the ChangeLog-5.php page contains a typo since NVD claims
> that CVE-2015-2787 corresponds to PHP bug #68976:
>
>  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2787
>
>
We weren't aware of this CVE assignment... Thanks.

The bug & changelog updated.

Kaplan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ