Bug 733740 – CVE-2011-3267 PHP error_log DoS

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 733740 - (CVE-2011-3267) CVE-2011-3267 PHP error_log DoS

Summary:	CVE-2011-3267 PHP error_log DoS

Status:	CLOSED ERRATA

Aliases:	CVE-2011-3267

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	public=20110818,reported=20110825,sou...
Keywords:	Security

Depends On:
Blocks:	732517
	Show dependency tree / graph

Reported:	2011-08-26 12:33 EDT by Josh Bressers
Modified:	2015-08-19 05:12 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-09-19 02:23:04 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Josh Bressers 2011-08-26 12:33:09 EDT

PHP before 5.3.7 does not properly implement the error_log function,
which allows context-dependent attackers to cause a denial of service
(application crash) via unspecified vectors.

Comment 2 Huzaifa S. Sidhpurwala 2011-09-16 01:57:05 EDT

Upstream patch:
http://svn.php.net/viewvc?view=revision&revision=312417

Comment 3 Huzaifa S. Sidhpurwala 2011-09-16 02:34:07 EDT

Looking at the version of php and php53 shipped with rhel-6 and rhel-5, the following block of code which is vulnerable does not exist in:

ext/standard/basic-functions.c

4677     if (opt_err == 3 && opt) {
4678         if (strlen(opt) != opt_len) {
4679             RETURN_FALSE;

Statement:

Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5.

Comment 6 Huzaifa S. Sidhpurwala 2011-09-19 02:22:47 EDT

This issue has been addressed in Fedora in the following updates:

Fedora-14: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc14
Fedora-15: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc15
Fedora-16: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc16
Fedora-16-testing: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc16
Fedora-Rawhide: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc17

Note You need to log in before you can comment on or make changes to this bug.