Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

Re: Month of PHP Security - Summary - 1st May - 10th May
From: Eren Türkay <eren () pardus org tr>
Date: Tue, 11 May 2010 11:55:24 +0300
On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote:

Hi everyone,

10 days ago the Month of PHP Security 2010 has started at
http://www.php-security.org/ and meanwhile 20 vulnerabilities were
posted and also 4 user submitted articles were published. Here is a
short summary of what was released so far. You can follow the Month of
PHP Security on Twitter, too. Just follow @mops_2010


Thank you and all the volunteers for your efforts. It is good to see
that Month of PHP Security 2010 is started.

I think, it would be better to mention CVE IDs assigned to these issues
by MITRE in your advisories. Below is what I have been able to collect.


Vulnerabilities in PHP
----------------------

MOPS-2010-017: PHP preg_quote() Interruption Information Leak
Vulnerability - http://bit.ly/cUYsbj
MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/bwT28V
MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/a3BonY
MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information
Leak Vulnerability - http://bit.ly/cdMzTo


Not assigned yet


MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage
Vulnerability - http://bit.ly/bhHyrj
MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage
Vulnerability - http://bit.ly/8Z8xYt


- CVE-2010-1868 (for both issues)


MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak
Vulnerability - http://bit.ly/doxAXk


- CVE-2010-1860


MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access
Vulnerability - http://bit.ly/b4NBD8


- CVE-2010-1861


MOPS-2010-008: PHP chunk_split() Interruption Information Leak
Vulnerability - http://bit.ly/cVoWoM


- CVE-2010-1862


MOPS-2010-006: PHP addcslashes() Interruption Information Leak
Vulnerability - http://bit.ly/b5gkaf


- CVE-2010-1864


MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability -
http://bit.ly/bXDivD


- CVE-2010-1866


MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access
Vulnerability - http://bit.ly/aZDRha


Not assigned yet

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]