Bug 748751 (CVE-2009-5052)

Summary: CVE-2009-5052 php-Smarty: Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: christof, gwync
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-10-25 14:37:17 UTC

Attachments:
Smarty r3407 upstream patch (flags: none)
Smarty r3416 upstream patch (flags: none)

Description Jan Lieskovsky 2011-10-25 09:31:46 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5052 to
the following vulnerability:

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5052
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt

Comment 1 Jan Lieskovsky 2011-10-25 09:38:44 UTC
From a look at the Smarty changelog [2], the security flaws fixed in v3.0.0 before beta 6 are as follows (relevant SVN log records are listed too):

=============

* 12/28/2009
- update for security fixes

SVN log entry:

r3416 | Uwe.Tews | 2009-12-28 16:27:13 +0100 (Mon, 28 Dec 2009) | 2 lines

- update for security fixes
- make modifier plugins always trusted


=============

* 12/27/2009
- closed a security hole regarding PHP code injection into cache files

SVN log entry:

3407 | Uwe.Tews | 2009-12-27 16:06:49 +0100 (Sun, 27 Dec 2009) | 11 lines

--- this is a major update with a couple of internal changes ---
- new config file lexer/parser (thanks to Thue Jnaus Kristensen)
- template lexer/parser fixes for PHP and {literal} handing (thanks to Thue Jnaus Kristensen)
- fix on registered plugins with different type but same name
- rewrite of plugin handling (optimized execution speed)
- closed a security hole regarding PHP code injection into cache files
- fixed bug in clear cache handling
- Renamed a couple of internal classes
- code cleanup for merging compiled templates
- couple of runtime optimizations (still not all done)

Comment 2 Jan Lieskovsky 2011-10-25 10:04:13 UTC
Created attachment 530043
Smarty r3407 upstream patch

Comment 3 Jan Lieskovsky 2011-10-25 10:05:50 UTC
Created attachment 530044
Smarty r3416 upstream patch

Comment 4 Jan Lieskovsky 2011-10-25 14:37:17 UTC
These issues did NOT affect the versions of the php-Smarty package, as shipped with Fedora releases 14 and 15.

--

These issues did NOT affect the versions of the php-Smarty package, as present within Fedora EPEL 5 and Fedora EPEL 6 repositories.