Message-ID: <Pine.GSO.4.51.0909220130450.16381@faron.mitre.org>
Date: Tue, 22 Sep 2009 01:49:40 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- PHP 5 - 5.2.11

On Sun, 20 Sep 2009, yersinia wrote:

> > > This would appear to be:
> > >
> > > http://svn.php.net/viewvc?view=revision&revision=287779
> > >
> > > which is Windows-specific.
> >
> > I was more wondering why this is a security issue rather
> > than a bug.
>
> http://securityvulns.com/Vdocument145.html

Vdocument145.html appears to be about a buffer overflow in the second
argument to popen.

PHP bug 44683, which is part of the 5.2.11 PHP announcement, focuses on an
"e" or "er" value in the second argument. It also suggests the core
problem is in the Microsoft C function _fdopen.

The Vdocument145.html issue may well be the same - maybe _fdopen doesn't
handle *any* invalid mode string, and the exploit has "A" as the first
character, which is invalid.

The actual behavior of _fdopen is not immediately clear to me. Maybe
there's really a buffer overflow going on.

Vdocument145.html also doesn't seem to mention anything about Windows, so
maybe this applies to other OSes.

The scope of PHP bug #44683 may be very limited, but since the vendor is
trying to communicate that it's a security problem to its customers, it's
still reasonable to assign a CVE to it (momentarily).

- Steve