'Re: [oss-security] CVE Request -- PHP 5 - 5.2.11'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- PHP 5 - 5.2.11
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-09-22 7:24:34
Message-ID: Pine.GSO.4.51.0909220324130.16381 () faron ! mitre ! org
[Download RAW message or body]


======================================================
Name: CVE-2009-3291
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
Reference: CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.11
Reference: CONFIRM:http://www.php.net/releases/5_2_11.php
Reference: OSVDB:58185
Reference: URL:http://www.osvdb.org/58185
Reference: SECUNIA:36791
Reference: URL:http://secunia.com/advisories/36791
Reference: XF:php-certificate-unspecified(53334)
Reference: URL:http://xforce.iss.net/xforce/xfdb/53334

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates.


======================================================
Name: CVE-2009-3292
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
Reference: CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.11
Reference: CONFIRM:http://www.php.net/releases/5_2_11.php
Reference: OSVDB:58186
Reference: URL:http://www.osvdb.org/58186
Reference: SECUNIA:36791
Reference: URL:http://secunia.com/advisories/36791

Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
attack vectors related to "missing sanity checks around exif
processing."


======================================================
Name: CVE-2009-3293
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
Reference: CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.11
Reference: CONFIRM:http://www.php.net/releases/5_2_11.php
Reference: OSVDB:58187
Reference: URL:http://www.osvdb.org/58187
Reference: SECUNIA:36791
Reference: URL:http://secunia.com/advisories/36791

Unspecified vulnerability in the imagecolortransparent function in PHP
before 5.2.11 has unknown impact and attack vectors related to an
incorrect "sanity check for the color index."


======================================================
Name: CVE-2009-3294
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3294
Reference: MLIST:[oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11
Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/20/1
Reference: CONFIRM:http://bugs.php.net/bug.php?id=44683
Reference: CONFIRM:http://svn.php.net/viewvc?view=revision&revision=287779
Reference: CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.11
Reference: CONFIRM:http://www.php.net/releases/5_2_11.php
Reference: OSVDB:58188
Reference: URL:http://www.osvdb.org/58188

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when
running on certain Windows operating systems, allows context-dependent
attackers to cause a denial of service (crash) via a crafted (1) "e"
or (2) "er" string in the second argument (aka mode), possibly related
to the _fdopen function in the Microsoft C runtime library.  NOTE: this
might not cross privilege boundaries except in rare cases in which the
mode argument is accessible to an attacker outside of an application
that uses the popen function.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic