oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression

From: anarcat <anarcat () orangeseeds org>
Date: Fri, 05 Feb 2016 15:32:29 -0500
So from what I understand, this issue is only related to the *sample*
code in php-openid, correct?

You also report that this code is in "use verbatim" in "the vast
majority of sites", yet looking at the Debian code base, the only
samples of that code I could find are in php-openid itself and the SAML
library:

https://codesearch.debian.net/search?perpkg=1&q=getTrustRoot

(jglobus seems to be a false positive there)

I have reviewed the usage of the openid.realm field in the Debian source
code and, in general, it doesn't seem to use the `Host:` header:

https://codesearch.debian.net/search?perpkg=1&q=openid.realm

Furthermore, I am not sure the attack works even on the theoritical
level: how would the user reach the proper website if the Host header is
changed?

A.
-- 
Never attribute to malice that which can be adequately explained by
stupidity, but don't rule out malice.
                         - Albert Einstein
Previous By Date Next
Previous By Thread Next

Current thread: