Date: Fri, 13 Jan 2012 09:54:54 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Nicolas Grégoire <nicolas.gregoire@...rri.fr> Subject: Re: CVE affected for PHP 5.3.9 ? On 01/13/2012 08:19 AM, Nicolas Grégoire wrote: > Hello, > > PHP released v5.3.9 earlier this month : > http://php.net/ChangeLog-5.php#5.3.9 > > I wonder if CVE identifiers were already affected to these security > vulnerabilities. I'm looking specifically for bug 54446 that I > reported : https://bugs.php.net/bug.php?id=54446 > > Regards, > Nicolas > > I'm not clear on how this crosses a security boundary. The attacker would need to write a custom script that uses the "<sax:output href="0wn3d.php" method="text">" and the user the script runs as (apache usually or whatever local account is in use) would also need write permissions to the directory in question. How is this different than say using fopen/fwrite to create the file? -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ