Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Sep 2015 14:51:24 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>, security@....net,
	cve-assign@...re.org
Subject: CVE Request: PHP remote exploits (even more)

Hi,

the last patch of PHP remote exploits have no CVEs assigned yet, but here are even more.

Please assign CVEs.

http://php.net/ChangeLog-5.php#5.4.45

	https://bugs.php.net/bug.php?id=70172	Use After Free Vulnerability in unserialize() 
		Given attacker input to unserialize() we should consider this a security issue.

	https://bugs.php.net/bug.php?id=70219	Use after free vulnerability in session deserializer
		Same.

	https://bugs.php.net/bug.php?id=70388	SOAP serialize_function_call() type confusion / RCE
		Definitely, even the summary has enough indication for me.

	https://bugs.php.net/bug.php?id=70365	yet another use-after-free vulnerability in unserialize() with SplObjectStorage
		I would also say this can be attacker driven, so needs a CVE.

	https://bugs.php.net/bug.php?id=70366	yet another use-after-free vulnerability in unserialize() with SplDoublyLinkedL
		Same.
	
	https://bugs.php.net/bug.php?id=69782	NULL pointer dereference
		Denial of service, these queries might be fed from remote.

Perhaps CVEs also for:
	https://bugs.php.net/bug.php?id=70385	Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes

	Questionable. It seems no crash was observed, so no denial of service. At most a information leak.

	https://bugs.php.net/bug.php?id=70312 	HAVAL gives wrong hashes in specific cases

	Questionable. I am not sure this is attacker driveable or if an attacker could do anything with this.


	https://bugs.php.net/bug.php?id=70345

	Various PCRE issues caused by the regexp string. There has been a tendency to either declare this CVE worthy or
	declare that its not attacker driven usually.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ