oss-sec mailing list archives
CVE request: php5: multiple issues
From: Raphael Geissert <geissert () debian org>
Date: Thu, 17 Dec 2009 13:23:33 -0600
Hi,

Stefan Esser, in his "Shocking News in PHP Exploitation"[1] presentation, reports and analyses a couple of issues:

* usort() interruption memory corruption: uksort(), although not mentioned in the presentation, is also affected. It was recently fixed in 5.2.12 but not considered security-relevant by upstream.
* explode() information leak
* serialize() information leak

As mentioned in the presentation, all these are local vulnerabilities.

[1] http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf

Additionally, I've started to closely follow upstream development and found the following issues that were or have not been mentioned anywhere else:

Null pointer dereference:
http://svn.php.net/viewvc?view=revision&revision=292083

This one looks suspicious, basically a switch from sprintf to snprintf which apparently already happened in the other branches at some point:
http://svn.php.net/viewvc?view=revision&revision=291888

Improper decoding, not sure what the impact could be:
http://svn.php.net/viewvc?view=revision&revision=291586

Insufficient memory allocation for unicode strings:
http://svn.php.net/viewvc?view=revision&revision=291259

I think a cross-vendor security support and tracking effort for php5 is needed. The number of issues silently fixed is a continuous risk, leaving users exposed.

What do the others think?

Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Current thread:
- CVE request: php5: multiple issues Raphael Geissert (Dec 17)
- Re: CVE request: php5: multiple issues Eren Türkay (Dec 17)
- Re: CVE request: php5: multiple issues Joe Orton (Dec 17)
- Re: CVE request: php5: multiple issues Raphael Geissert (Dec 18)