oss-security - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Tue, 27 Sep 2011 14:26:23 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: security@....net
Subject: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8

Let's use CVE-2011-3379 for this.

Thanks.

-- 
    JB


----- Original Message -----
> Could a CVE be assigned for this flaw?  PHP 5.3.7 changed how the
> is_a()
> function worked, and as a result it could allow for remote arbitrary
> code execution if certain specific conditions are met (the blog post
> referenced below has a good writeup of the flaw).
> 
> http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
> https://bugs.php.net/bug.php?id=55475
> https://bugzilla.redhat.com/show_bug.cgi?id=741020
> 
> It looks like this is the fix:
> 
> http://svn.php.net/viewvc/?view=revision&amp;revision=317183
> 
> Thanks.
> 
> --
> Vincent Danen / Red Hat Security Response Team
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.