oss-sec mailing list archives
Re: CVE request: PHP Phar - arbitrary code execution
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 22 May 2012 11:47:11 -0600
On 05/20/2012 12:09 PM, Felipe Pena wrote:
> Hi,
>
> Can anyone assign a CVE id for the following PHP's phar extension
> integer overflow vulnerability? (Secunia SA44335)
>
> Private report: https://bugs.php.net/bug.php?id=61065
> Discovered by: Alexander Gavrun
> Original Advisory: http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html

Please use CVE-2012-2386 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- CVE request: PHP Phar - arbitrary code execution Felipe Pena (May 20)
- Re: CVE request: PHP Phar - arbitrary code execution Kurt Seifried (May 22)