Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE affected for PHP 5.3.9 ?
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 13 Jan 2012 09:54:54 -0700

On 01/13/2012 08:19 AM, Nicolas Grégoire wrote:

PHP released v5.3.9 earlier this month :

I wonder if CVE identifiers were already affected to these security
vulnerabilities. I'm looking specifically for bug 54446 that I
reported : https://bugs.php.net/bug.php?id=54446


I'm not clear on how this crosses a security boundary. The attacker
would need to write a custom script that uses the "<sax:output
href="0wn3d.php" method="text">" and the user the script runs as (apache
usually or whatever local account is in use) would also need write
permissions to the directory in question. How is this different than say
using fopen/fwrite to create the file?


-- Kurt Seifried / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]