Similar to Ruby (CVE-2013-4073) and Python (CVE-2013-4238), PHP also suffers from how it checked the hostname's identity when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts.

This has been corrected in upstream git:
http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755
http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897

While PHP referenced the Ruby CVE, one has not yet been assigned to PHP (requested):
http://www.openwall.com/lists/oss-security/2013/08/14/4
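The check that separates a NUL-truncated name comparison from a length-aware one, as an added illustration that is not PHP's code and not taken from the commits linked above. The `name_entry` struct, the function names and the sample names are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for an ASN.1 string: raw bytes plus explicit length. */
struct name_entry {
    const char *data;
    size_t len;
};

/* Flawed pattern: the name is handled as a C string, so everything
 * after the first NUL byte is silently ignored. */
static int match_naive(const struct name_entry *n, const char *host)
{
    return strcasecmp(n->data, host) == 0;
}

/* Hardened pattern: reject any name containing an embedded NUL
 * (encoded length differs from C-string length), then compare
 * over the full encoded length. */
static int match_strict(const struct name_entry *n, const char *host)
{
    if (n->len == 0 || memchr(n->data, '\0', n->len) != NULL)
        return 0;
    return n->len == strlen(host) && strncasecmp(n->data, host, n->len) == 0;
}

/* Constructed sample names, as they could appear in CN or subjectAltName. */
static const char crafted[] = "www.example.com\0.attacker.invalid";
static const struct name_entry crafted_name = { crafted, sizeof(crafted) - 1 };
static const struct name_entry clean_name = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted: naive=%d strict=%d\n",
           match_naive(&crafted_name, host), match_strict(&crafted_name, host));
    printf("clean:   naive=%d strict=%d\n",
           match_naive(&clean_name, host), match_strict(&clean_name, host));
    return 0;
}
```

The same length check has to be applied to every name source the verifier consults, both CommonName and each subjectAltName entry.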
This was assigned CVE-2013-4248: http://www.openwall.com/lists/oss-security/2013/08/15/3
This is fixed in PHP 5.4.18:
http://www.php.net/ChangeLog-5.php#5.4.18

But they used the Ruby CVE name incorrectly.
Also fixed in 5.5.2: http://www.php.net/ChangeLog-5.php#5.5.2
Created php tracking bugs for this issue:
Affects: fedora-all [bug 998341]
PHP 5.3 related commits:
http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b

PHP 5.4 and 5.5 related commits:
http://git.php.net/?p=php-src.git;a=commitdiff;h=2874696a5a8d46639d261571f915c493cd875897
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b

The second commit is a fix for the fix.
php-5.5.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Any ideas when the fix for this CVE will make it into RHEL 5.9?
php-5.4.19-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
A related issue is CVE-2009-3291 / bug 524228, which corrected a similar problem in CommonName handling, but failed to correct subjectAltName handling, which was corrected as part of this bug / CVE.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:1307 https://rhn.redhat.com/errata/RHSA-2013-1307.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1615 https://rhn.redhat.com/errata/RHSA-2013-1615.html
Statement: This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 or the version of php54 as shipped with Red Hat Software Collections 1.