oss-sec mailing list archives
PHP remote code execution introduced via HashDoS fix
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 2 Feb 2012 20:12:22 +0100
Hi!

Internets are buzzing with info on the PHP flaw found by Stefan Esser in the fix for CVE-2011-4885.

http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
http://svn.php.net/viewvc?view=revision&revision=323007

This got CVE-2012-0830 assigned earlier today. This is sent to make the assignment public and avoid possible duplicate assignment.

--
Tomas Hoger / Red Hat Security Response Team