oss-sec mailing list archives
CVE request: php-5.2.6 overflow issues
From: Christian Hoffmann <hoffie () gentoo org>
Date: Fri, 08 Aug 2008 15:31:45 +0200
Heya,

two security issues, which might possibly allow for arbitrary code execution (afaik nobody has analyzed the details...), but at least DoS (think of FastCGI setups), were silently fixed in PHP again:
* Overflow in ext/gd's imageloadfont() function [1] [2] [3]
* Overflow in php's internal memnstr() function which is exposed to userspace as "explode()" [1] [2] [4] [5]

As those functions might take user-supplied data in certain webapps (which is a valid use case at least in case of explode()), those issues should probably be expected to be remotely exploitable.
Those issues are fixed by the recent php-4.4.9 release, but they affect php-5.2.6 as well and the fixes are not part of any released version in case of 5.2.
Can we get CVEs for these please? :)

[1] http://bugs.gentoo.org/show_bug.cgi?id=234102
[2] http://www.php.net/archive/2008.php#id2008-08-07-1
[3] http://news.php.net/php.cvs/51219
[4] http://news.php.net/php.cvs/52039
[5] http://news.php.net/php.cvs/52002

--
Christian Hoffmann