oss-sec mailing list archives

Re: CVE Request: PHP: out of bounds read crashes php-cgi


From: cve-assign () mitre org
Date: Wed, 31 Dec 2014 12:30:26 -0500 (EST)


https://bugs.php.net/bug.php?id=68618 (out of bounds read crashes
php-cgi).

http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35

Use CVE-2014-9427.

Can you clarify what threat models exist that cross privilege
boundaries? Bug #68618 says "could disclose server memory, but anyone
that can upload php scripts can do far worse." Is the only relevant
scenario that the attacker uploads a crafted .php file and thereby
obtains read access (that would otherwise be unavailable) to memory
locations within a parent process?

Or is it relevant that a victim may accidentally upload an
incorrect .php file, and may expect that this is harmless, but the
actual behavior is that PHP reads and executes out-of-bounds data that
the victim did not wish to execute?

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

