Date: Fri, 13 Jan 2012 09:54:54 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
Subject: Re: CVE affected for PHP 5.3.9 ?

On 01/13/2012 08:19 AM, Nicolas Grégoire wrote:
> Hello,
>
> PHP released v5.3.9 earlier this month:
> http://php.net/ChangeLog-5.php#5.3.9
>
> I wonder if CVE identifiers were already affected to these security
> vulnerabilities. I'm looking specifically for bug 54446 that I
> reported: https://bugs.php.net/bug.php?id=54446
>
> Regards,
> Nicolas
>
>
I'm not clear on how this crosses a security boundary. The attacker
would need to write a custom script that uses the "<sax:output
href="0wn3d.php" method="text">" and the user the script runs as (apache
usually or whatever local account is in use) would also need write
permissions to the directory in question. How is this different than, say,
using fopen/fwrite to create the file?

-- 

-- Kurt Seifried / Red Hat Security Response Team
