[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From:       Lior Kaplan <kaplanlior () gmail ! com>
Date:       2015-03-31 6:32:25
Message-ID: CAEsznC75pwsZfO4WpFiDCjqNXAA-y2C_S4yrrKci=7Rw6S8OSA () mail ! gmail ! com
[Download RAW message or body]


On Tue, Mar 31, 2015 at 1:49 AM, Tyler Hicks <tyhicks@canonical.com> wrote:

> On 2015-03-30 23:42:01, Tomas Hoger wrote:
> > On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
> >
> > > I'd like to request a CVE for the PHP Sec Bug #69085.
> > >
> > > Description:
> > > SoapClient's __call() method is prone to a type confusion
> > > vulnerability which can be used to gain remote code execution through
> > > unsafe unserialize() calls.
> > >
> > > Info:
> > > https://bugs.php.net/bug.php?id=69085
> >
> > There is another unserialize issue fixed in 5.6.7, 5.5.23 and 5.4.39
> > and currently listed on PHP 5 Changelog page:
> >
> > http://php.net/ChangeLog-5.php
> >
> > Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
> (CVE-2015-0231)
> > https://bugs.php.net/68976
>
> I believe that the ChangeLog-5.php page contains a typo since NVD claims
> that CVE-2015-2787 corresponds to PHP bug #68976:
>
>  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2787
>
>
We weren't aware of this CVE assignment... Thanks.

The bug & changelog updated.

Kaplan


[prev in list] [next in list] [prev in thread] [next in thread]