Bug 373965 - <dev-lang/php-5.3.8: addGlob() Denial of Service (CVE-2011-1657)
Summary: <dev-lang/php-5.3.8: addGlob() Denial of Service (CVE-2011-1657)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2011-07-03 23:34 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-10 21:40 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2011-07-03 23:34:24 UTC
Fix commit is at $URL. From the upstream bug at

Test script:
The crash comes when we run the libc/glob(3) function with an incorrect flag.
Also tested on linux/ubuntu and (netbsd).

cx@cx64:~$ php -v
PHP 5.3.3-1ubuntu9.3 with Suhosin-Patch (cli) (built: Jan 12 2011 16:07:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
cx@cx64:~$ uname -a
Linux cx64 2.6.35-28-generic #49-Ubuntu SMP Tue Mar 1 14:39:03 UTC 2011 x86_64 GNU/Linux
cx@cx64:/www$ cat zip.php



?>cx@cx64:/www$ php zip.php
Segmentation fault
Comment 1 Agostino Sarubbo gentoo-dev 2011-09-13 21:44:17 UTC
I manually checked the php-5.3.8 sources, and the commit at $URL seems to be applied.

=dev-lang/php-5.3.8 is stable on all arches.

So as per B3 adding glsa vote request.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-09-19 19:03:55 UTC
Thanks, Agostino. GLSA Vote: yes.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:59:25 UTC
CVE-2011-1657:
  The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in
  ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a
  denial of service (application crash) via certain flags arguments, as
  demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.
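
Added example, not part of this bug report and not PHP's own code: a C wrapper that validates caller-supplied flags against an allowlist before they reach glob(3), which is the class of check the CVE description implies was missing. The names checked_glob_count, SAFE_GLOB_FLAGS and the CHECKED_GLOB_* codes are hypothetical, and the allowlist contents are an assumption.

```c
#include <glob.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* GLOB_BRACE is a GNU/BSD extension; treat it as "no bit" where it is missing. */
#ifdef GLOB_BRACE
#define OPT_GLOB_BRACE GLOB_BRACE
#else
#define OPT_GLOB_BRACE 0
#endif

/* Hypothetical allowlist: flags that only change matching or output format.
 * Deliberately absent: GLOB_APPEND and GLOB_DOOFFS (glob() then reads glob_t
 * fields the caller must have initialised) and GLOB_ALTDIRFUNC (glibc then
 * calls the gl_opendir/gl_readdir/... function pointers stored in glob_t). */
#define SAFE_GLOB_FLAGS (GLOB_ERR | GLOB_MARK | GLOB_NOSORT | GLOB_NOCHECK | \
                         GLOB_NOESCAPE | OPT_GLOB_BRACE)

#define CHECKED_GLOB_BAD_FLAGS (-1)
#define CHECKED_GLOB_FAILED    (-2)

/* Returns the number of matches, or a negative code. Untrusted flags are
 * validated before glob(3) ever sees them. */
int checked_glob_count(const char *pattern, int flags)
{
    glob_t g;
    int rc, count;

    if (pattern == NULL || (flags & ~SAFE_GLOB_FLAGS) != 0)
        return CHECKED_GLOB_BAD_FLAGS;

    memset(&g, 0, sizeof g);          /* no stale pointers or offsets */
    rc = glob(pattern, flags, NULL, &g);
    if (rc == 0)
        count = (int)g.gl_pathc;
    else if (rc == GLOB_NOMATCH)
        count = 0;
    else
        count = CHECKED_GLOB_FAILED;  /* GLOB_NOSPACE or GLOB_ABORTED */
    globfree(&g);
    return count;
}

int main(void)
{
    printf("plain: %d\n", checked_glob_count("/*", 0));
    printf("GLOB_APPEND: %d\n", checked_glob_count("/*", GLOB_APPEND));
    return 0;
}
```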
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 16:00:47 UTC
YES too.
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-10 21:40:58 UTC
This issue was resolved and addressed in
 GLSA 201110-06 at
by GLSA coordinator Tobias Heinlein (keytoaster).