ports/164730: [SECURITY] Critical PHP Remote Vulnerability (PHP 5.3.9) lang/php5
Andrei Lavreniyuk
andy.lavr at gmail.com
Fri Feb 3 08:30:12 UTC 2012
>Number: 164730
>Category: ports
>Synopsis: [SECURITY] Critical PHP Remote Vulnerability (PHP 5.3.9) lang/php5
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 03 08:30:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Andrei Lavreniyuk
>Release: FreeBSD 9.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 9.0-STABLE FreeBSD 9.0-STABLE #0: Thu Feb 2 11:11:50 EET 2012 root at datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64 amd64
>Description:
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- main/php_variables.c.orig 2012-01-01 15:15:04.000000000 +0200
+++ main/php_variables.c 2012-02-03 09:39:44.692970733 +0200
@@ -198,6 +198,9 @@
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+ } else {
+ efree(var_orig);
+ return;
}
}
if (index != escaped_index) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list