[Secure-testing-commits] r5661 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 17 21:31:17 UTC 2007


Author: jmm-guest
Date: 2007-04-17 21:31:14 +0000 (Tue, 17 Apr 2007)
New Revision: 5661

Modified:
   data/CVE/list
   data/mopb.txt
Log:
update PHP entry (see recent discussion on IRC)
new cron issue doesn't affect Debian


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-17 21:07:48 UTC (rev 5660)
+++ data/CVE/list	2007-04-17 21:31:14 UTC (rev 5661)
@@ -243,6 +243,7 @@
 	RESERVED
 CVE-2007-1856
 	RESERVED
+	- cron <not-affected> (Debian uses proper permission scheme)
 CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: Shop-Script
 CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
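Review bot: the added `- cron <not-affected>` line under CVE-2007-1856 gives its rationale only as "Debian uses proper permission scheme", and the entry is still RESERVED with no description, so a later reader cannot tell which permissions the claim refers to. Suggest adding a NOTE line naming the file or directory permissions that differ in Debian's cron package, so the not-affected status can be rechecked once the CVE description is published.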
@@ -1375,8 +1376,9 @@
 CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
-	- php4 <unfixed> (medium)
-	- php5 <unfixed> (medium)
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: Only triggerable by malicious script
 CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
 	- php5 <unfixed> (low)
 	NOTE: Should be fixed, could be used as a stepstone for further attacks
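Review bot: the downgrade of php4 and php5 under CVE-2007-1376 from (medium) to (unimportant) rests only on "NOTE: Only triggerable by malicious script", while the next entry, CVE-2007-1375, stays at (low) with a note that it should be fixed. Suggest extending the NOTE to say why the malicious-script condition makes this one unimportant, for example by naming the PHP security policy it falls outside of, so the two adjacent ratings do not read as inconsistent.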

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-17 21:07:48 UTC (rev 5660)
+++ data/mopb.txt	2007-04-17 21:31:14 UTC (rev 5661)
@@ -89,12 +89,7 @@
 #TODO(medium) -> possible remote data can result in code execution in 5.2.0 which uses the zip handler, CVE-2007-1399. (php5 5.2.0 only, code execution)
 
 15  PHP shmop Functions Resource Verification Vulnerability
-#TODO(medium) -> user-supplied data could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage)
-  AFAICS this can only be triggered by malicious script and thus doesn't fall under our
-  PHP security policy? -jmm
-  Leaking SSL private keys from an Apache server is something a "normal" PHP
-  script is unable to do.  If tiny memory leaks like MOPB 10, 11, and 14 are
-  going to be fixed, this one certainly should be fixed too. -kees
+N/A Only triggerable by malicious script, could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage)
 
 14  PHP substr_compare() Information Leak Vulnerability
 #TODO(low) -> corner-case where length+offset > INT_MAX, CVE-2007-1375 (php5, heap leak)
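Review bot: the replacement line for MOPB 15 drops the -kees objection (leaking SSL private keys from an Apache server, and consistency with MOPB 10, 11 and 14) without recording how it was resolved; the commit log points only to a discussion on IRC. Suggest keeping a one-line summary of the outcome next to the N/A marker. The new line also lacks the `#` prefix and `->` used by the neighbouring `#TODO(...)` lines; if N/A entries are meant to follow the same format, align it.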



