Bug 748751 (CVE-2009-5052) - CVE-2009-5052 php-Smarty: Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2009-5052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-10-25 09:31 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:48 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-25 14:37:17 UTC


Attachments
Smarty r3407 upstream patch (457.14 KB, patch)
2011-10-25 10:04 UTC, Jan Lieskovsky
Smarty r3416 upstream patch (14.74 KB, patch)
2011-10-25 10:05 UTC, Jan Lieskovsky

Description Jan Lieskovsky 2011-10-25 09:31:46 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5052 to
the following vulnerability:

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5052
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt

Comment 1 Jan Lieskovsky 2011-10-25 09:38:44 UTC
From the look at the Smarty changelog [2] the security flaws fixed in v3.0.0 before beta 6 are as follows (relevant SVN log records are listed too):

=============

* 12/28/2009
- update for security fixes

SVN log entry:

r3416 | Uwe.Tews | 2009-12-28 16:27:13 +0100 (Mon, 28 Dec 2009) | 2 lines

- update for security fixes
- make modifier plugins always trusted


=============

* 12/27/2009
- closed a security hole regarding PHP code injection into cache files

SVN log entry:

3407 | Uwe.Tews | 2009-12-27 16:06:49 +0100 (Sun, 27 Dec 2009) | 11 lines

--- this is a major update with a couple of internal changes ---
- new config file lexer/parser (thanks to Thue Jnaus Kristensen)
- template lexer/parser fixes for PHP and {literal} handing (thanks to Thue Jnaus Kristensen)
- fix on registered plugins with different type but same name
- rewrite of plugin handling (optimized execution speed)
- closed a security hole regarding PHP code injection into cache files
- fixed bug in clear cache handling
- Renamed a couple of internal classes
- code cleanup for merging compiled templates
- couple of runtime optimizations (still not all done)

Comment 2 Jan Lieskovsky 2011-10-25 10:04:13 UTC
Created attachment 530043 [details]
Smarty r3407 upstream patch

Comment 3 Jan Lieskovsky 2011-10-25 10:05:50 UTC
Created attachment 530044 [details]
Smarty r3416 upstream patch

Comment 4 Jan Lieskovsky 2011-10-25 14:37:17 UTC
These issues did NOT affect the versions of the php-Smarty package, as shipped with Fedora release of 14 and 15.

--

These issues did NOT affect the versions of the php-Smarty package, as present within Fedora EPEL 5 and Fedora EPEL 6 repositories.

