oss-sec mailing list archives

Re: CVE request: PHP Phar - arbitrary code execution


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 22 May 2012 11:47:11 -0600

On 05/20/2012 12:09 PM, Felipe Pena wrote:
> Hi, Can anyone assign a CVE id for the following PHP's phar
> extension integer overflow vulnerability? (Secunia SA44335)
>
> Private report: https://bugs.php.net/bug.php?id=61065
>
> Discovered by: Alexander Gavrun
>
> Original Advisory:
> http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html

Please use CVE-2012-2386 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


