Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
Reference: https://bugs.php.net/bug.php?id=55439 Upstream patch: http://svn.php.net/viewvc/?view=revision&revision=315338 Patch for php-5.3 and php-5.4: http://svn.php.net/viewvc?view=revision&revision=315218
This vuln. will arise only either or both of the patches below have been applied: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=313615&r2=314434 Here strcat is replaced by strncat http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=314434&r2=314438 Here strncat is replaced by strlcat And finally the patch to correct this issue reverts strlcat to strcat. Statement: Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in Fedora in the following updates: Fedora-14: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc14 Fedora-15: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc15 Fedora-16: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc16 Fedora-16-testing: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc16 Fedora-Rawhide: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc17