oss-sec mailing list archives
Re: CVE-2010-2094: PECL's phar code is vulnerable too
From: Felipe Pena <felipensp () gmail com>
Date: Sun, 26 Dec 2010 10:29:27 -0200
Hi Eygene, 2010/12/26 Eygene Ryabinkin <rea-sec () codelabs ru>
Good day. It turns out that the PECL's phar extension is vulnerable to the string format vulnerabilities announced in MOPS advisories: MOPS-2010-024: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l473 MOPS-2010-025: http://svn.php.net/viewvc/pecl/phar/trunk/dirstream.c?revision=284729&view=markup#l363 MOPS-2010-026: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l764 MOPS-2010-027: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l120 , http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l131 , http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l143 MOPS-2010-028: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l195 I think that the entry should be extended. Don't know if PECL code is going to be fixed. CC'ing PHP developers who were last to modify PECL's phar code.
I've backported the fixes to pecl/phar. Thanks. -- Regards, Felipe Pena
Current thread:
- CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Dec 26)
- Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena (Dec 26)