author | simon <simon@FreeBSD.org> | 2006-10-18 04:45:55 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-10-18 04:45:55 +0800 |
commit | 46ca7fd280f62b50ee61959cbae4e0d7c4c8147a (patch) | |
tree | b7cc7ce9a503b192b6f251b4abdba7acf6f3d44f /security | |
parent | 65706afce9291a0dd09a82179ddfc5675c73e185 (diff) | |
Update php -- _ecalloc Integer Overflow Vulnerability entry with
details from Stefan Esser's advisory about the implications of this
issue. The advisory was not public when this issue was initially
fixed.
Approved by: portmgr (secteam blanket)
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 532763607ea6..fb9ee7c66884 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -285,19 +285,36 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <blockquote cite="http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?view=log#rev1.162"> - <p>Ilia Alshanetsky reports lack of safety checks against - integer overflow in Zend Engine II.</p> + <p>Stefan Esser reports:</p> + <blockquote cite="http://www.hardened-php.net/advisory_092006.133.html"> + <p>The PHP 5 branch of the PHP source code lacks the + protection against possible integer overflows inside + ecalloc() that is present in the PHP 4 branch and also for + several years part of our Hardening-Patch and our new + Suhosin-Patch.</p> + <p>It was discovered that such an integer overflow can be + triggered when user input is passed to the unserialize() + function. Earlier vulnerabilities in PHP's unserialize() + that were also discovered by one of our audits in December + 2004 are unrelated to the newly discovered flaw, but they + have shown, that the unserialize() function is exposed to + user-input in many popular PHP applications. Examples for + applications that use the content of COOKIE variables with + unserialize() are phpBB and Serendipity.</p> + <p>The successful exploitation of this integer overflow will + result in arbitrary code execution.</p> </blockquote> </body> </description> <references> <cvename>CVE-2006-4812</cvename> + <url>http://www.hardened-php.net/advisory_092006.133.html</url> <url>http://secunia.com/advisories/22280/</url> </references> <dates> <discovery>2006-09-30</discovery> <entry>2006-10-06</entry> + <modified>2006-10-17</modified> </dates> </vuln> |
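Review bot: The rewritten description loses the only pointer to the upstream fix. The removed blockquote cited http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?view=log#rev1.162 and credited Ilia Alshanetsky, and the references block still carries no url element for that location. Suggest keeping it as an extra url entry under references, next to the newly added hardened-php.net one, so a reader of the entry can still reach the zend_alloc.c revision that added the overflow check. Separately, the commit message names the function as _ecalloc while the quoted advisory text says ecalloc(); it is worth making sure the entry's topic line and the description use the same name so searches on either match.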