Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fuQd1DJF/QNZzkPoxZfgjX/uB3I@QsmfhJNucgI88DfvPJdT1/nyboE>
Date: Sun, 26 Dec 2010 14:31:57 +0300
From: Eygene Ryabinkin <rea-sec@...elabs.ru>
To: oss-security@...ts.openwall.com
Cc: kalle@....net, felipe@....net
Subject: CVE-2010-2094: PECL's phar code is vulnerable too

Good day.

It turns out that the PECL's phar extension is vulnerable to the
string format vulnerabilities announced in MOPS advisories:
  MOPS-2010-024: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l473
  MOPS-2010-025: http://svn.php.net/viewvc/pecl/phar/trunk/dirstream.c?revision=284729&view=markup#l363
  MOPS-2010-026: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l764
  MOPS-2010-027: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l120,
    http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l131,
    http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l143
  MOPS-2010-028: http://svn.php.net/viewvc/pecl/phar/trunk/stream.c?revision=286339&view=markup#l195

I think that the entry should be extended.  Don't know if PECL
code is going to be fixed.  CC'ing PHP developers who were last
to modify PECL's phar code.
-- 
Eygene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.