Bug 1112154 (CVE-2014-3515)
Summary: | CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aneelica, angelo.alvarez, falonso, jorton, jrusnack, mmaslano, mmiura, pgervase, rcollet, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | php 5.3.29, php 5.4.30, php 5.5.14 | Doc Type: | Bug Fix |
Doc Text: |
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-10-31 09:50:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1080180, 1119563, 1119730, 1120503, 1120504, 1120981, 1149762, 1149771 | ||
Bug Blocks: | 1065838, 1112155, 1149858 |
Description
Huzaifa S. Sidhpurwala
2014-06-23 08:55:21 UTC
UPstream commit http://git.php.net/?p=php-src.git;a=commit;h=a374dfab567ff7f0ab0dc150f14cc891b0340b47 Fixed upstream in PHP 5.4.30 and 5.5.14: http://php.net/ChangeLog-5.php#5.4.30 http://php.net/ChangeLog-5.php#5.5.14 Can someone update https://access.redhat.com/security/cve/CVE-2014-3515 with vulnerable product info, so we know if PHP packages form RHEL-5 and RHEL-6 are affected?? Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5. IssueDescription: A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:1012 https://rhn.redhat.com/errata/RHSA-2014-1012.html This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1013 https://rhn.redhat.com/errata/RHSA-2014-1013.html Write up of the issue from its reporter - Stefan Esser: https://www.sektioneins.de/en/blog/14-08-27-unserialize-typeconfusion.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html |