oss-sec mailing list archives
Re: CVE Request: PHP: out of bounds read crashes php-cgi
From: cve-assign () mitre org
Date: Wed, 31 Dec 2014 12:30:26 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://bugs.php.net/bug.php?id=68618 (out of bounds read crashes php-cgi). http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
Use CVE-2014-9427. Can you clarify what threat models exist that cross privilege boundaries? Bug #68618 says "could disclose server memory, but anyone that can upload php scripts can do far worse." Is the only relevant scenario that the attacker uploads a crafted .php file and thereby obtains read access (that would otherwise be unavailable) to memory locations within a parent process? Or is it relevant that a victim may accidentally upload an incorrect .php file, and may expect that this is harmless, but the actual behavior is that PHP reads and executes out-of-bounds data that the victim did not wish to execute? - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUpC2DAAoJEKllVAevmvmsVe4H/j/BC4vvhBLkW/HlwJcEzY+K AqRpWEVMJkdENeipMbtITrKnL/bIdG/46SNLZ53HkHVXL8p7rWCPu6eNdOlmlH1N 9o65IyMmsoVfRa5dQxENKLYCo/vwtu+tCeRxDdgHS686EF+BhIQY7JtNGcXfnnNG 1sZAwt5XjHP+m6ySJSR5ZVPeXyYe3goWjqdz+I4WbIEjgz+GsdikUA0jo6nFUwN9 sWl0RJ14Q3/lfH+Rrm8zXNZ94moLifRdrUTwsLgpKD/L1ir/gCMo8lBjYJeQ0wcu 6WneySUyOpA7oKQioM0tG36/I0u2/8EO0M9V2EfdLqj2k3SELi+ej2Tcw4RiOn8= =1Nqq -----END PGP SIGNATURE-----
Current thread:
- CVE Request: PHP: out of bounds read crashes php-cgi Salvatore Bonaccorso (Dec 31)
- Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign (Dec 31)