oss-sec mailing list archives
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 30 Mar 2015 23:42:01 +0200
On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
I'd like to request a CVE for the PHP Sec Bug #69085. Description: SoapClient's __call() method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize() calls. Info: https://bugs.php.net/bug.php?id=69085
There is another unserialize issue fixed in 5.6.7, 5.5.23 and 5.4.39 and currently listed on PHP 5 Changelog page: http://php.net/ChangeLog-5.php Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231) https://bugs.php.net/68976 While this lists CVE, it's CVE that was assigned to an issue fixed in 5.6.5, 5.5.21 and 5.4.37: Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231) https://bugs.php.net/68710 New id seems to be required for the new issue. -- Tomas Hoger / Red Hat Product Security
Current thread:
- CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)