Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Dec 2010 09:34:26 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: NULL byte poisoning fix in php 5.3.4+


On Thu, 9 Dec 2010, Pierre Joye wrote:

> We are about to release 5.2.15 and 5.3.4, can anyone please get an id
> for this issue?

I just assigned CVE-2006-7243 to the http://bugs.php.net/39863 issue, i.e. 
NULL injection in file_exists() *only*.

However, as already stated, the issue of NULL byte injection with PHP 
dates back to 1999 or so (ouch... I remember that).  If PHP is addressing 
NULL byte injection beyond just file_exists(), then that may need a 
separate CVE.

- Steve


> Thanks,
>
> On Tue, Nov 30, 2010 at 3:26 AM, Pierre Joye <pierre.php@...il.com> wrote:
>> Coley? :)
>>
>> On Mon, Nov 22, 2010 at 5:21 PM, Josh Bressers <bressers@...hat.com> wrote:
>>> Steve,
>>>
>>> Can MITRE take this one. It looks like it's from 2006 (from looking at the
>>> upstream bug). I don't see a CVE id for this anywhere.
>>>
>>> Thanks.
>>>
>>> --
>>>    JB
>>>
>>> ----- "Pierre Joye" <pierre.php@...il.com> wrote:
>>>
>>>> anyone?
>>>>
>>>> On Thu, Nov 18, 2010 at 5:43 PM, Pierre Joye <pierre.php@...il.com>
>>>> wrote:
>>>>> forgot to add the fixes revs:
>>>>>
>>>>> http://svn.php.net/viewvc?view=revision&revision=305507
>>>>> revert of part of the OCI8 fix
>>>>> http://svn.php.net/viewvc?view=revision&revision=305509
>>>>>
>>>>> OCI8 fix (committed separately)
>>>>> http://svn.php.net/viewvc?view=revision&revision=305412
>>>>>
>>>>> On Thu, Nov 18, 2010 at 5:22 PM, Pierre Joye <pierre.php@...il.com>
>>>>> wrote:
>>>>>> hi,
>>>>>>
>>>>>> The problem describes here http://www.madirish.net/?article=436, in
>>>>>> http://bugs.php.net/39863 (and numerous other places) has been fixed
>>>>>> in PHP_5_3, targetting 5.3.4 (RC1 to be released today). It is a well
>>>>>> (old) known issue in PHP and I wonder if there is a CVE already for
>>>>>> it? If not I think having one could helpful. or?
>>>>>>
>>>>>> Cheers,
>>>>>> --
>>>>>> Pierre
>>>>>>
>>>
>>
>>
>>
>> --
>> Pierre
>>
>> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>>
>
>
>
> -- 
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ