Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 May 2015 17:07:51 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: <kaplanlior@...il.com>, <security@....net>, cve-assign@...re.org
Subject: Re: Re: CVE Request: various issues in PHP

On Wed, 20 May 2015 15:49:34 +0200 Vasyl Kaigorodov wrote:

> > >> https://bugs.php.net/bug.php?id=69418,
> > >> https://bugs.php.net/bug.php?id=68598 - various functions allow
> > >> \0 in paths where they shouldn't. In theory, that could lead to
> > >> security failure for path-based access controls if the user
> > >> injects string with \0 in it. It's a bit theoretical, but it's a
> > >> possibility.
> 
> CVE-2015-4025, CVE-2015-4026 respectively.

Both of these CVEs are addressed in a single commit, that also covers
few other functions not mentioned in either of the two bug reports
(dir()/opendir() and chroot()).  Which CVE do those additional fixes
fall under?  They are not 5.4 regressions, so probably not
CVE-2015-4025, but maybe not under CVE-2015-4026 either given that bug
68598 only mentions pcntl_exec().


I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have
CVEs assigned:


https://bugs.php.net/bug.php?id=69353
http://git.php.net/?p=php-src.git;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80

More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues.  More
notes on what got changed is in RHBZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1213407#c5


https://bugs.php.net/bug.php?id=69152
http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1

More unserialize issues.


https://bugs.php.net/bug.php?id=68819
http://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd

Fileinfo DoS.


Can CVEs be assigned for these?  Thank you!

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.