Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/07/14 11:36 AM, Salvatore Bonaccorso wrote:
> Hi
>
> Recent PHP updates mention bug #67498 in their changes[1,2]: Fixed
> bug #67498 (phpinfo() Type Confusion Information Leak
> Vulnerability).
>
> Upstream bug is at [3], which does not seem to have a CVE
> assigned. (If so, could one be assigned?).
>
> [1] http://www.php.net/ChangeLog-5.php#5.4.30 [2]
> http://www.php.net/ChangeLog-5.php#5.5.14 [3]
> https://bugs.php.net/bug.php?id=67498
>
> Thanks in advance,
>
> Regards, Salvatore

There seems to be some confusion about this, e.g. "so what, if you can
run PHP you can read the key file anyways right?" So one question I
have, on a common setup of RHEL6/CentOS6 with Apache/PHP with:

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

- -rw-------. 1 root root 1704 Aug  6  2013 /etc/pki/tls/certs/server.key

is this still exploitable?


- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTtzK/AAoJEBYNRVNeJnmTGS8QANuLvRsHdDW/vpl3xXYyQ0uj
490Bt9MrH92TME9wwLCrMgk7Z0MLHq+0Ll0J0YhZZtbXhmK4FRY7xwQVercHpP2m
0Al8cjpAq0lw21TVgGQmCyLVFIgCrjbESRGGs+updfKOfpn+cBM75SlCWXJfACP2
fMq7wz0OoGFYTH4ZCQIPHcNHm0+mR54LsqAmP+f1bnrCTDdBhi8TorX9YhbHgRQH
vcEtT9Cnec87MMjB/x2QRWWvmOcrfSK63ZH3zBc1Bcn6CJQcPfKIen6tKFcIqjIj
pgA4zE/5u5n0Y0HF1SmkaoJif7zwyOWyCgHdxXt7+vwjJMEjEKPwmIlWbVI9LJPP
dqmzQ5rWaV/hSvvqK2H7s9ipuRwOzQzLsqAz7gmvz7tIHzmeD/g/yQl0BGOsy4LL
eiBTN7gD7y/n58Kb+MKkCUYdZkMzcgFTqoXBFaTVlOYAd6Y4P72/hh+2xi1Ckaet
LOKbCFgvFUzClCGD990iX3UhhOdoWf4g1XUpOD1YwKRYnkb5vwzCfQuxSP8rvND9
+hZPdQGKxmDkWfkiNTHdFUzjQVncMV/1ELx7N0RijHODPkHK0aiklKvqrt//gMjL
iOr7T6jyV+DmOW+oBeY2704HZI5eWmbGMO1udLbPwmyu2eX/8Y4IGdZxPD88tgv8
qfDY+PNVvZK7x2gAM0MY
=po+/
-----END PGP SIGNATURE-----