Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEZPtU4v33T5fhqV=pUc6vVpj83ThJ2xdRqD4DnTqG4hbUO1UA@mail.gmail.com>
Date: Sun, 25 Sep 2011 14:28:13 +0200
From: Pierre Joye <pierre.php@...il.com>
To: oss-security@...ts.openwall.com
Cc: security@....net
Subject: Re: CVE request: is_a() function may allow arbitrary
 code execution in PHP 5.3.7/5.3.8

hi,

Btw, the correct fix (and less restrictive) is to disable
allow_url_include, not  allow_url_fopen.

Cheers,

On Sat, Sep 24, 2011 at 3:56 PM, Vincent Danen <vdanen@...hat.com> wrote:
> Could a CVE be assigned for this flaw?  PHP 5.3.7 changed how the is_a()
> function worked, and as a result it could allow for remote arbitrary
> code execution if certain specific conditions are met (the blog post
> referenced below has a good writeup of the flaw).
>
> http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
> https://bugs.php.net/bug.php?id=55475
> https://bugzilla.redhat.com/show_bug.cgi?id=741020
>
> It looks like this is the fix:
>
> http://svn.php.net/viewvc/?view=revision&amp;revision=317183
>
> Thanks.
>
> --
> Vincent Danen / Red Hat Security Response Team



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.