Bug 617578 (CVE-2010-1864, MOPS-2010-006)
Summary: | CVE-2010-1864 php: addcslashes interruption vulnerability (MOPS-2010-006) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | |||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | unspecified | CC: | fedora, jorton | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-07-23 13:32:18 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Tomas Hoger
2010-07-23 13:21:13 UTC
Created attachment 433953 [details]
Reproducer from MOPS-2010-006
Fixed upstream in Zend / zend_parse_parameters via: http://svn.php.net/viewvc?view=revision&revision=298945 Fix included in upstream version 5.3.3: http://www.php.net/releases/5_3_3.php Interruption vulnerabilities allow untrusted script author to bypass restrictions such as safe_mode or open_basedir. Due to the limitations of the implementation of these mechanisms, they can not be relied on as security features. Therefore flaws bypass of there restrictions are not considered security sensitive. For additional details, refer to bug #169857, comment #1. *** This bug has been marked as a duplicate of bug 169857 *** Statement: Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php Additional note on MOPS reproducers using __toString() method to interrupt internal PHP function is available in bug #617211, comment #7. |