oss-sec mailing list archives
Re: CVE Request -- PHP 5 - 5.2.11
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 22 Sep 2009 01:49:40 -0400 (EDT)
On Sun, 20 Sep 2009, yersinia wrote:
> This would appear to be: http://svn.php.net/viewvc?view=revision&revision=287779 which is Windows-specific.
> I was more wondering why this is a security issue rather than a bug.
> http://securityvulns.com/Vdocument145.html

Vdocument145.html appears to be about a buffer overflow in the second argument to popen. PHP bug 44683, which is part of the 5.2.11 PHP announcement, focuses on an "e" or "er" value in the second argument. It also suggests the core problem is in the Microsoft C function _fdopen.

The Vdocument145.html issue may well be the same - maybe _fdopen doesn't handle *any* invalid mode string, and the exploit has "A" as the first character, which is invalid. The actual behavior of _fdopen is not immediately clear to me. Maybe there's really a buffer overflow going on.

Vdocument145.html also doesn't seem to mention anything about Windows, so maybe this applies to other OSes.

The scope of PHP bug #44683 may be very limited, but since the vendor is trying to communicate that it's a security problem to its customers, it's still reasonable to assign a CVE to it (momentarily).

- Steve