Bug 733740 (CVE-2011-3267) - CVE-2011-3267 PHP error_log DoS
Summary: CVE-2011-3267 PHP error_log DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3267
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110818,reported=20110825,sou...
Depends On:
Blocks: 732517
TreeView+ depends on / blocked
 
Reported: 2011-08-26 16:33 UTC by Josh Bressers
Modified: 2019-06-08 18:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-19 06:23:04 UTC


Attachments (Terms of Use)

Description Josh Bressers 2011-08-26 16:33:09 UTC
PHP before 5.3.7 does not properly implement the error_log function,
which allows context-dependent attackers to cause a denial of service
(application crash) via unspecified vectors.

Comment 2 Huzaifa S. Sidhpurwala 2011-09-16 05:57:05 UTC
Upstream patch:
http://svn.php.net/viewvc?view=revision&revision=312417

Comment 3 Huzaifa S. Sidhpurwala 2011-09-16 06:34:07 UTC
Looking at the version of php and php53 shipped with rhel-6 and rhel-5, the following block of code which is vulnerable does not exist in:

ext/standard/basic-functions.c

4677     if (opt_err == 3 && opt) {
4678         if (strlen(opt) != opt_len) {
4679             RETURN_FALSE;

Statement:

Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5.


Note You need to log in before you can comment on or make changes to this bug.