oss-sec mailing list archives
CVE-2010-2094: PECL's phar code is vulnerable too
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Sun, 26 Dec 2010 14:31:57 +0300
Good day. It turns out that the PECL's phar extension is vulnerable to the string format vulnerabilities announced in MOPS advisories: MOPS-2010-024: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l473 MOPS-2010-025: http://svn.php.net/viewvc/pecl/phar/trunk/dirstream.c?revision=284729&view=markup#l363 MOPS-2010-026: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l764 MOPS-2010-027: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l120, http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l131, http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l143 MOPS-2010-028: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l195 I think that the entry should be extended. Don't know if PECL code is going to be fixed. CC'ing PHP developers who were last to modify PECL's phar code. -- Eygene
Current thread:
- CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)