Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Aug 2015 11:49:45 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: more php unserializing issues

Hi,

I am not sure these have CVE ids yet:

https://bugs.php.net/bug.php?id=70068
Dangling pointer in the unserialization of ArrayObject items
	impact: remote code execution


https://bugs.php.net/bug.php?id=70166
https://bugs.php.net/bug.php?id=70155 (dup)
Use After Free Vulnerability in unserialize() with SPLArrayObject

https://bugs.php.net/bug.php?id=70168
Use After Free Vulnerability in unserialize() with SplObjectStorage

https://bugs.php.net/bug.php?id=70169
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList


These look like they can be exploited for code execution.


https://bugs.php.net/bug.php?id=70019
Files extracted from archive may be placed outside of destination directory

(indirect reference also  https://msisac.cisecurity.org/advisories/2015/2015-091.cfm
 and the php release notes
 http://php.net/ChangeLog-5.php#5.4.44
 http://php.net/ChangeLog-5.php#5.5.28
 http://php.net/ChangeLog-5.php#5.6.12
)

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ