kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update php -- _ecalloc Integer Overflow Vulnerability entry with

Browse source 
details from Steffan Essers advisory about the implications of this
issue.  The advisory was not public when this issue was initially
fixed.

Approved by:	portmgr (secteam blanket)
This commit is contained in:
Simon L. B. Nielsen 2006-10-17 20:45:55 +00:00
parent 7ca4c6bb97
commit a0a4a2fb88
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=175379
1 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
security/vuxml/vuln.xml
View file

@ -285,19 +285,36 @@ Note: Please add new entries to the beginning of this file.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?view=log#rev1.162">
<p>Ilia Alshanetsky reports lack of safety checks against
integer overflow in Zend Engine II.</p>
<p>Stefan Esser reports:</p>
<blockquote cite="http://www.hardened-php.net/advisory_092006.133.html">
<p>The PHP 5 branch of the PHP source code lacks the
protection against possible integer overflows inside
ecalloc() that is present in the PHP 4 branch and also for
several years part of our Hardening-Patch and our new
Suhosin-Patch.</p>
<p>It was discovered that such an integer overflow can be
triggered when user input is passed to the unserialize()
function. Earlier vulnerabilities in PHP's unserialize()
that were also discovered by one of our audits in December
2004 are unrelated to the newly discovered flaw, but they
have shown, that the unserialize() function is exposed to
user-input in many popular PHP applications. Examples for
applications that use the content of COOKIE variables with
unserialize() are phpBB and Serendipity.</p>
<p>The successful exploitation of this integer overflow will
result in arbitrary code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2006-4812</cvename>
<url>http://www.hardened-php.net/advisory_092006.133.html</url>
<url>http://secunia.com/advisories/22280/</url>
</references>
<dates>
<discovery>2006-09-30</discovery>
<entry>2006-10-06</entry>
<modified>2006-10-17</modified>
</dates>
</vuln>