oss-sec mailing list archives
Re: Re: CVE Request: various issues in PHP
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 29 May 2015 17:07:51 +0200
On Wed, 20 May 2015 15:49:34 +0200 Vasyl Kaigorodov wrote:
https://bugs.php.net/bug.php?id=69418, https://bugs.php.net/bug.php?id=68598 - various functions allow \0 in paths where they shouldn't. In theory, that could lead to security failure for path-based access controls if the user injects string with \0 in it. It's a bit theoretical, but it's a possibility.CVE-2015-4025, CVE-2015-4026 respectively.
Both of these CVEs are addressed in a single commit, that also covers few other functions not mentioned in either of the two bug reports (dir()/opendir() and chroot()). Which CVE do those additional fixes fall under? They are not 5.4 regressions, so probably not CVE-2015-4025, but maybe not under CVE-2015-4026 either given that bug 68598 only mentions pcntl_exec(). I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have CVEs assigned: https://bugs.php.net/bug.php?id=69353 http://git.php.net/?p=php-src.git;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues. More notes on what got changed is in RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1213407#c5 https://bugs.php.net/bug.php?id=69152 http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 More unserialize issues. https://bugs.php.net/bug.php?id=68819 http://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd Fileinfo DoS. Can CVEs be assigned for these? Thank you! -- Tomas Hoger / Red Hat Product Security
Current thread:
- Re: CVE Request: various issues in PHP Lior Kaplan (May 18)
- Re: Re: CVE Request: various issues in PHP Vasyl Kaigorodov (May 20)
- Re: Re: CVE Request: various issues in PHP Tomas Hoger (May 29)
- Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 15)
- Re: CVE Request: various issues in PHP cve-assign (Jun 16)
- Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 18)
- Re: CVE Request: various issues in PHP cve-assign (Jun 18)
- Re: CVE Request: various issues in PHP cve-assign (Jun 18)
- Re: Re: CVE Request: various issues in PHP Tomas Hoger (May 29)
- Re: Re: CVE Request: various issues in PHP Vasyl Kaigorodov (May 20)