Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Aug 2012 13:26:34 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: php header() header injection detection bypass

Hi,

Reviewing a list of CVE ids that were assigned from the Debian CNA pool, I 
noticed there is one [id] for php5 that hasn't been made public yet the 
issue has already been re-re-reported and in this one last round finally 
fixed.

I'm talking about https://bugs.php.net/60227 

It was independently reported by two persons but as of this time their 
reports (#54182 and #54006) are still hidden behind the "security bug" 
curtain of PHP's bug tracker. Back when they were reported, I had assigned 
the following id: CVE-2011-1398 "header injection detection bypass."
Note that the id only applies to the CR bypass part of the issue.

Then it came this other report (#60227, originally reported as #60028 by the 
same person but tagged security, which hid it too), which lead to finally 
fixing the bug (but please beware of the original fix by reading [1]).

Unless I missed something, the CR bypass issue was never assigned a CVE id 
once it became public. Please do correct me if I'm wrong.

[1] http://article.gmane.org/gmane.comp.php.devel/70584

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ