Bug 1194747 (CVE-2015-2301) - CVE-2015-2301 php: use after free in phar_object.c
Summary: CVE-2015-2301 php: use after free in phar_object.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-2301
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20150124,reported=2...
Depends On: 1204762 1204763 1204765 1204766 1209880 1209884 1209887
Blocks: 1194715 1210213
TreeView+ depends on / blocked
 
Reported: 2015-02-20 16:43 UTC by Vasyl Kaigorodov
Modified: 2019-06-13 08:15 UTC (History)
20 users (show)

Fixed In Version: php 5.5.22, php 5.6.6
Doc Type: Bug Fix
Doc Text:
A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory.
Clone Of:
Environment:
Last Closed: 2015-07-09 21:45:49 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1053 normal SHIPPED_LIVE Moderate: php55 security and bug fix update 2015-06-04 12:06:06 UTC
Red Hat Product Errata RHSA-2015:1066 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 15:42:20 UTC
Red Hat Product Errata RHSA-2015:1135 normal SHIPPED_LIVE Important: php security and bug fix update 2015-06-23 12:11:40 UTC
Red Hat Product Errata RHSA-2015:1218 normal SHIPPED_LIVE Moderate: php security update 2015-07-09 21:01:41 UTC

Description Vasyl Kaigorodov 2015-02-20 16:43:42 UTC
Use after free vulnerability reported in PHP "phar" extension [1].
Upstream commit that fixes this:
http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b

[1]: https://bugs.php.net/bug.php?id=68901

Comment 1 Francisco Alonso 2015-03-10 14:33:47 UTC
Fixed upstream in PHP 5.6.6 and 5.5.22:

http://php.net/ChangeLog-5.php#5.6.6
http://php.net/ChangeLog-5.php#5.5.22

Comment 7 Carl Riches 2015-05-04 19:46:18 UTC
Can you provide an update on the status of this bug?  The NIST NVD shows a higher vuln score than your whiteboard comments show (above).  This is the NIST rating:

 Original release date: 03/30/2015
Last revised: 04/13/2015
Source: US-CERT/NIST

CVSS Severity (version 2.0):
  CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
  Impact Subscore: 6.4
  Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
  Access Vector: Network exploitable
  Access Complexity: Low
  Authentication: Not required to exploit
  Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Thanks.

Comment 8 errata-xmlrpc 2015-06-04 08:04:05 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 9 errata-xmlrpc 2015-06-04 08:07:26 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html

Comment 10 errata-xmlrpc 2015-06-23 08:12:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Comment 11 errata-xmlrpc 2015-07-09 17:07:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1218 https://rhn.redhat.com/errata/RHSA-2015-1218.html


Note You need to log in before you can comment on or make changes to this bug.