Date: Tue, 1 Sep 2015 08:04:14 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>, security@....net,
	cve-assign@...re.org
Subject: Re: CVE Request: more php unserializing issues

Hi,

forgot to CC Mitre and PHP

Ciao, Marcus

On Wed, Aug 19, 2015 at 11:49:45AM +0200, Marcus Meissner wrote:
> Hi,
> 
> I am not sure these have CVE ids yet:
> 
> https://bugs.php.net/bug.php?id=70068
> Dangling pointer in the unserialization of ArrayObject items
> 	impact: remote code execution
> 
> 
> https://bugs.php.net/bug.php?id=70166
> https://bugs.php.net/bug.php?id=70155 (dup)
> Use After Free Vulnerability in unserialize() with SPLArrayObject
> 
> https://bugs.php.net/bug.php?id=70168
> Use After Free Vulnerability in unserialize() with SplObjectStorage
> 
> https://bugs.php.net/bug.php?id=70169
> Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
> 
> 
> These look like they can be exploited for code execution.
> 
> 
> https://bugs.php.net/bug.php?id=70019
> Files extracted from archive may be placed outside of destination directory
> 
> (indirect reference also https://msisac.cisecurity.org/advisories/2015/2015-091.cfm
>  and the php release notes
>  http://php.net/ChangeLog-5.php#5.4.44
>  http://php.net/ChangeLog-5.php#5.5.28
>  http://php.net/ChangeLog-5.php#5.6.12
> )
> 
> Ciao, Marcus
> 

-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@...e.de>
