Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 670792 - (CVE-2010-4697) CVE-2010-4697 php: Zend use-after-free certain methods are called on objects accessed by a reference
CVE-2010-4697 php: Zend use-after-free certain methods are called on objects ...
Status: CLOSED DUPLICATE of bug 169857
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Red Hat Product Security
impact=none,reported=20110118,public=...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-19 07:16 EST by Tomas Hoger
Modified: 2016-03-04 07:27 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-19 12:40:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Tomas Hoger 2011-01-19 07:16:05 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4697 to the following issue:

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15
and 5.3.x before 5.3.4 might allow context-dependent attackers to
cause a denial of service (heap memory corruption) or have unspecified
other impact via vectors related to use of __set, __get, __isset, and
__unset methods on objects accessed by a reference.

References:
http://bugs.php.net/52879
http://www.php.net/ChangeLog-5.php#5.3.4
http://www.php.net/ChangeLog-5.php#5.2.15

Upstream commit:
http://svn.php.net/viewvc/?view=revision&revision=303913
Comment 1 Tomas Hoger 2011-01-19 12:40:01 EST 
This is under the full control of the script author, hence may possibly allow safe_mode / open_basedir restrictions.

*** This bug has been marked as a duplicate of bug 169857 ***
Comment 2 Tomas Hoger 2011-01-20 06:17:52 EST 
Statement:

We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive.  For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.