oss-sec mailing list archives
Re: php header() header injection detection bypass
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 01 Sep 2012 20:01:38 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/31/2012 04:42 PM, Raphael Geissert wrote:
Hi, On Friday 31 August 2012 13:38:16 Kurt Seifried wrote:Apologies in advance for my questions but I'm a bit confused (also I don't have access to PHP security bugs so I'm a bit in the dark here). 1) I don't see #54182 and #54006 in the PHP ChangeLog, have these been fixed?[...]2) Are you saying that the "header injection detection bypass" wasn't completely fixed by the patches for #54182 and #54006, and then someone reported #60227, originally reported as #60028 which has been fixed needs a second CVE (e.g. the "an incomplete fix for original issue led to a second fix being pushed" thing)?All the bug reports I mentioned are about exactly the same issue. The non- public ones have been marked as duplicates of the public one. I'm aware of at least 5.4.0 RC5 containing the incomplete fix[1], but I don't know in which exact RC version it made its way into. 5.4.0 beta2 was still vulnerable to CVE-2011-1398. PHP 5.4.1 RC1 already had the proper fix. So, since at least PHP 5.4.0 had the incomplete fix, I guess a new CVE for the incomplete fix is in order. Kurt, could you please assign one? Please let me know if it's not clear enough yet. [1]http://svn.php.net/viewvc/?view=revision&revision=318820 (referenced from #60227)
This is perfect, thanks. Please use CVE-2012-4388 for the incomplete fix for CVE-2011-1398. (this would be easier if the old bug entries were public =).
Cheers,
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQQr4CAAoJEBYNRVNeJnmT8fgP/j8WIOL6loD6wXovpCS1gwlj A/wkadlal5XgFQ01MJaJnjy9p+CkztoofUjMuwGIkJHhDsvvBVzE8w9pbSNhoZfn FMX9m2sP3VAuD5vyTizkmlC4hH3/OufAnglJaLxENa+MX0nUhtkzOnd8g9PA/aLG 9pMjCZBcsL2GPN8C3XrokIao3LwyDTUT1aamOGJKcY3bw439NTZjSzk3cAP8nCPA FvwZsAuZ8Hout4V8szmTJr6yLx6OfA5Al44dhFqjUEuHKTZSpUDbR86UOByrO9fJ ALPxX7Z8JmHD3EiiSs4BgTfubd783ovONdSUJsiNFidQoYlna8mPpw9Qgt692sSR n2KXHk958mujRR6/Bc1lds6FdT7Qg+4usOs8cj3VVltDc+UpKm4oBTZ+jbnl+TQo iXfQGpWzwZ/caOAoozBpUikVZlZdT6xu2PfLrwSiqVZ+MRvD1p07IWWHMEeNma7c FZtE4OsmtmYaSX/xSkgPBLIzLjOlVJdkH4694ACuhiR62iwxy2vvLYqGx2+Spmzg WXJ5iLF/QHyJFJZYFostGtOaIGqW9b9GLHve8f0xyhneJRRi7Tw5h0A14GhHEbpY lH37OTKZ0oKVUErLpXlw8zblwsrgUWJPcJpIRkdvxz9li33FOY7jasSKsJGXhOYl L+x3hnfMOaRizpGA40nK =knYF -----END PGP SIGNATURE-----
Current thread:
- php header() header injection detection bypass Raphael Geissert (Aug 29)
- Re: php header() header injection detection bypass Kurt Seifried (Aug 31)
- Re: php header() header injection detection bypass Raphael Geissert (Aug 31)
- Re: php header() header injection detection bypass Kurt Seifried (Sep 01)
- Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)
- Re: php header() header injection detection bypass cve-assign (Sep 04)
- Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 04)
- Re: php header() header injection detection bypass cve-assign (Sep 05)
- Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 06)
- Re: php header() header injection detection bypass Raphael Geissert (Aug 31)
- Re: Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)
- Re: php header() header injection detection bypass Kurt Seifried (Aug 31)