oss-security - Re: CVE affected for PHP 5.3.9 ?

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <4F1061DE.9020501@redhat.com>
Date: Fri, 13 Jan 2012 09:54:54 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
Subject: Re: CVE affected for PHP 5.3.9 ?

On 01/13/2012 08:19 AM, Nicolas Grégoire wrote:
> Hello,
>
> PHP released v5.3.9 earlier this month :
> http://php.net/ChangeLog-5.php#5.3.9
>
> I wonder if CVE identifiers were already affected to these security
> vulnerabilities. I'm looking specifically for bug 54446 that I
> reported : https://bugs.php.net/bug.php?id=54446
>
> Regards,
> Nicolas
>
>
I'm not clear on how this crosses a security boundary. The attacker
would need to write a custom script that uses the "<sax:output
href="0wn3d.php" method="text">" and the user the script runs as (apache
usually or whatever local account is in use) would also need write
permissions to the directory in question. How is this different than say
using fopen/fwrite to create the file?

-- 

-- Kurt Seifried / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.