oss-sec mailing list archives
Re: CVE request: PHP 5.2.9
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 14:02:26 -0400 (EDT)
On Wed, 1 Apr 2009, Tomas Hoger wrote:
# Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49 This should only affect php 5.2.7 or versions that have original fix for CVE-2008-5658 backported.
This was announced in 5.2.9 changelog though, so wouldn't 5.2.8 be affected? Use CVE-2009-1272
# Fixed a segfault when malformed string is passed to json_decode().
Use CVE-2009-1271 - Steve ====================================================== Name: CVE-2009-1271 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271 Reference: MLIST:[oss-security] 20090401 CVE request: PHP 5.2.9 Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/9 Reference: MISC:http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 Reference: CONFIRM:http://www.php.net/releases/5_2_9.php The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. ====================================================== Name: CVE-2009-1272 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1272 Reference: MLIST:[oss-security] 20090401 CVE request: PHP 5.2.9 Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/9 Reference: MISC:http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 Reference: CONFIRM:http://www.php.net/releases/5_2_9.php The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
Current thread:
- CVE request: PHP 5.2.9 Tomas Hoger (Apr 01)
- Re: CVE request: PHP 5.2.9 Steven M. Christey (Apr 08)
- Re: CVE request: PHP 5.2.9 Tomas Hoger (Apr 09)
- Re: CVE request: PHP 5.2.9 Christian Hoffmann (Apr 14)
- Re: CVE request: PHP 5.2.9 Steven M. Christey (Apr 24)
- Re: CVE request: PHP 5.2.9 Steven M. Christey (Apr 08)