Bug 748777 (CVE-2010-4723)

Summary: CVE-2010-4723 php-Smarty: Before 3.0.0, when security is enabled does not prevent access to the dynamic and private object members of an assigned object
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: christof, gwync
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-25 11:02:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Smarty r3719 SVN repository upstream patch none

Description Jan Lieskovsky 2011-10-25 10:58:21 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4723 to
the following vulnerability:

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors. 

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4723
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Comment 1 Jan Lieskovsky 2011-10-25 10:59:56 UTC 
Relevant Smarty Changelog entry:

04/11/2010
- bugfix do not allow access of dynamic and private object members of assigned objects when
  security is enabled.

and particular SVN log record to it:

r3719 | uwe.tews | 2010-11-04 16:53:28 +0100 (Thu, 04 Nov 2010) | 2 lines

- bugfix do not allow access of dynamic and private object members of assigned objects when security is enabled.
Comment 2 Jan Lieskovsky 2011-10-25 11:00:51 UTC 
Created attachment 530056 [details]
Smarty r3719 SVN repository upstream patch
Comment 3 Jan Lieskovsky 2011-10-25 11:02:46 UTC 
This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora release of 14 and 15 (the relevant code in question does NOT exist in those versions yet).

--

This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora EPEL 5 and Fedora EPEL 6 repositories (the relevant code in question does NOT exist in those versions yet).