Bug 1108447 – CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1108447 - (CVE-2014-4049) CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing

Summary:	CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing

Status:	CLOSED ERRATA

Aliases:	CVE-2014-4049

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140611,repor...
Keywords:	Security

Depends On:	1080180 1108449 1114521 1119563 1120503 1120504 1120981 1149762 1149771
Blocks:	1108453 1149858
	Show dependency tree / graph

Reported:	2014-06-12 00:52 EDT by Murray McAllister
Modified:	2015-11-25 05:09 EST (History)
CC List:	11 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-10-31 05:48:55 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
PHP Bug Tracker	67432	None	None	None	Never
Red Hat Product Errata	RHSA-2014:1012	normal	SHIPPED_LIVE	Moderate: php53 and php security update	2014-08-06 05:14:44 EDT
Red Hat Product Errata	RHSA-2014:1013	normal	SHIPPED_LIVE	Moderate: php security update	2014-08-06 06:05:17 EDT
Red Hat Product Errata	RHSA-2014:1765	normal	SHIPPED_LIVE	Important: php54-php security update	2014-10-30 19:45:24 EDT
Red Hat Product Errata	RHSA-2014:1766	normal	SHIPPED_LIVE	Important: php55-php security update	2014-10-30 19:45:12 EDT

Groups: None (edit)

Description Murray McAllister 2014-06-12 00:52:19 EDT

Stefan Esser pointed out that the following commit fixes a heap-based buffer overflow in DNS TXT record parsing:

https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468

A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.

Comment 1 Murray McAllister 2014-06-12 00:54:13 EDT

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1108449]

Comment 2 Murray McAllister 2014-06-12 01:01:07 EDT

CVE request: http://www.openwall.com/lists/oss-security/2014/06/12/2

Comment 8 Angelo Alvarez 2014-07-15 22:53:28 EDT

Would be nice if someone updated https://access.redhat.com/security/cve/CVE-2014-4049 to confirm the CVE affects or does not affect PHP, PHP53 packages for RHEL-5 and RHEL-6.

Comment 10 Vincent Danen 2014-07-17 12:19:53 EDT

Statement:

This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.

Comment 12 Martin Prpič 2014-07-28 07:12:45 EDT

IssueDescription:

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.

Comment 13 errata-xmlrpc 2014-08-06 01:15:35 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2014:1012 https://rhn.redhat.com/errata/RHSA-2014-1012.html

Comment 14 errata-xmlrpc 2014-08-06 02:06:08 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1013 https://rhn.redhat.com/errata/RHSA-2014-1013.html

Comment 17 errata-xmlrpc 2014-10-30 15:46:20 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 18 errata-xmlrpc 2014-10-30 15:47:52 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Note You need to log in before you can comment on or make changes to this bug.