Bug 733740 (CVE-2011-3267)

Summary: CVE-2011-3267 PHP error_log DoS
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: fedora, jorton, rpm, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-19 06:23:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 732517    

Description Josh Bressers 2011-08-26 16:33:09 UTC 
PHP before 5.3.7 does not properly implement the error_log function,
which allows context-dependent attackers to cause a denial of service
(application crash) via unspecified vectors.
Comment 2 Huzaifa S. Sidhpurwala 2011-09-16 05:57:05 UTC 
Upstream patch:
http://svn.php.net/viewvc?view=revision&revision=312417
Comment 3 Huzaifa S. Sidhpurwala 2011-09-16 06:34:07 UTC 
Looking at the version of php and php53 shipped with rhel-6 and rhel-5, the following block of code which is vulnerable does not exist in:

ext/standard/basic-functions.c

4677     if (opt_err == 3 && opt) {
4678         if (strlen(opt) != opt_len) {
4679             RETURN_FALSE;

Statement:

Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5.
Comment 6 Huzaifa S. Sidhpurwala 2011-09-19 06:22:47 UTC 
This issue has been addressed in Fedora in the following updates:

Fedora-14: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc14
Fedora-15: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc15
Fedora-16: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc16
Fedora-16-testing: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc16
Fedora-Rawhide: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc17