Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 261192 (CVE-2009-0754) - dev-lang/php mbstring.func_overload privilege escalation (CVE-2009-0754)
Summary: dev-lang/php mbstring.func_overload privilege escalation (CVE-2009-0754)
Status: RESOLVED FIXED
Alias: CVE-2009-0754
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://cvsweb.php.net/viewvc.cgi/php-...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-04 17:04 UTC by Robert Buchholz (RETIRED)
Modified: 2010-01-05 21:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 17:04:17 UTC 
CVE-2009-0754 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0754):
  PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows
  local users to modify behavior of other sites hosted on the same web
  server by modifying the mbstring.func_overload setting within
  .htaccess, which causes this setting to be applied to other virtual
  hosts on the same server.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-07 18:51:45 UTC 
We also have that code in php-5.2.8-r2 /ext/mbstring/mbstring.c, but on line 1067.

Patch: http://www.dfoerster.de/misc/php-27421.diff

rbu, why did you set whiteboard to "B3 [glsa?]" ?!
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-03-08 02:31:47 UTC 
From my understanding, this might lead to data disclosure or denial of service, but does not allow for inejection of code into other contexts of apache. Maybe I am mistaken there?
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-26 19:35:14 UTC 
Seems to be fixed in recent PHP versions.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:13:44 UTC 
GLSA 201001-03.

Thank you everyone, sorry about the delay.