Re: CVE affected for PHP 5.3.9 ?
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 13 Jan 2012 09:54:54 -0700
On 01/13/2012 08:19 AM, Nicolas Grégoire wrote:
> PHP released v5.3.9 earlier this month:
> I wonder if CVE identifiers were already affected to these security
> vulnerabilities. I'm looking specifically for bug 54446 that I
> reported: https://bugs.php.net/bug.php?id=54446
I'm not clear on how this crosses a security boundary. The attacker
would need to write a custom script that uses the "<sax:output
href="0wn3d.php" method="text">" and the user the script runs as (apache
usually or whatever local account is in use) would also need write
permissions to the directory in question. How is this different than say
using fopen/fwrite to create the file?
-- Kurt Seifried / Red Hat Security Response Team