Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 401997 (CVE-2012-0830) - <dev-lang/php-5.3.10: php_register_variable_ex() ACE introduced by HashDos fix (CVE-2012-{0830,0831})
Summary: <dev-lang/php-5.3.10: php_register_variable_ex() ACE introduced by HashDos fi...
Status: RESOLVED FIXED
Alias: CVE-2012-0830
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://thexploit.com/sec/critical-php...
Whiteboard: A1 [glsa]
Keywords:
: 401999 402079 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-02-02 22:10 UTC by Alex Legler (RETIRED)
Modified: 2012-09-24 00:27 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2012-02-02 22:10:32 UTC
Stefan Esser reported that the fix for the HashDoS issue makes PHP susceptible to arbitrary code execution. Details in $URL.

Upstream commit: http://svn.php.net/viewvc?view=revision&revision=323007
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2012-02-02 22:30:47 UTC
php-5.3.10 committed to CVS. It may take 1-2 hours till the patchset is available on mirrors, tho.
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2012-02-02 22:47:21 UTC
*** Bug 401999 has been marked as a duplicate of this bug. ***
Comment 3 Agostino Sarubbo gentoo-dev 2012-02-03 16:44:59 UTC
*** Bug 402079 has been marked as a duplicate of this bug. ***
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-02-03 16:51:19 UTC
Arches, please test and mark stable:
=dev-lang/php-5.3.10
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Agostino Sarubbo gentoo-dev 2012-02-03 23:25:23 UTC
amd64 stable
Comment 6 Jeroen Roovers gentoo-dev 2012-02-06 01:24:15 UTC
Stable for HPPA.
Comment 7 Brent Baude (RETIRED) gentoo-dev 2012-02-06 20:17:12 UTC
ppc done
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2012-02-09 10:07:56 UTC
x86 done. Thanks
Comment 9 Markus Meier gentoo-dev 2012-02-13 22:28:13 UTC
arm stable
Comment 10 Tobias Klausmann gentoo-dev 2012-02-17 17:59:00 UTC
Stable on alpha.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2012-02-18 19:42:56 UTC
ia64/s390/sh/sparc stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-02-21 04:09:31 UTC
CVE-2012-0830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830):
  The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows
  remote attackers to execute arbitrary code via a request containing a large
  number of variables, related to improper handling of array variables.  NOTE:
  this vulnerability exists because of an incorrect fix for CVE-2011-4885.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-02-26 22:47:16 UTC
CVE-2012-0831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831):
  PHP before 5.3.10 does not properly perform a temporary change to the
  magic_quotes_gpc directive during the importing of environment variables,
  which makes it easier for remote attackers to conduct SQL injection attacks
  via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c,
  and sapi/fpm/fpm/fpm_main.c.
Comment 14 Brent Baude (RETIRED) gentoo-dev 2012-03-03 15:32:08 UTC
ppc64 done
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2012-03-03 20:10:32 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 00:27:40 UTC
This issue was resolved and addressed in
 GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml
by GLSA coordinator Sean Amoss (ackle).