[Secure-testing-commits] r5662 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Apr 17 21:57:42 UTC 2007
Author: jmm-guest
Date: 2007-04-17 21:57:39 +0000 (Tue, 17 Apr 2007)
New Revision: 5662
Modified:
data/CVE/list
data/mopb.txt
Log:
update another PHP local code execution entry
treat asciiz truncation as a regular bug, this is a security problem
in broken setups
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-17 21:31:14 UTC (rev 5661)
+++ data/CVE/list 2007-04-17 21:57:39 UTC (rev 5662)
@@ -1116,9 +1116,9 @@
CVE-2007-1485 (** DISPUTED ** ...)
NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
- - php4 <unfixed> (medium)
- - php5 <unfixed> (medium)
- NOTE: local malicious scripts only, but allows arbitrary process memory access
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
- webcalendar 1.0.5-1 (high)
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
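Review bot: the replacement NOTE for CVE-2007-1484 drops "but allows arbitrary process memory access", so the entry records the downgrade from (medium) to (unimportant) without either the impact or the reason for the new rating. Suggest keeping the impact in the NOTE and adding the assumption behind the rating (if the reasoning is that locally installed scripts are already trusted, say so), so a reader of data/CVE/list can see why php4 and php5 both stay <unfixed>.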
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-17 21:31:14 UTC (rev 5661)
+++ data/mopb.txt 2007-04-17 21:57:39 UTC (rev 5662)
@@ -35,7 +35,7 @@
#TODO(medium) -> needs to be fixed, CVE-2007-1718 (php4 & php5, header injection possible via some MTAs when set to process the headers for recipients)
33 PHP mail() Message ASCIIZ Byte Truncation
-#TODO(low) -> applications could end up vulnerable to phishing attacks if attackers injected a nearly correct-looking email content prior to the NULL byte, CVE-2007-1717 (php4 & php5, possible phishing or other impersonation possible, though this problem is really a problem with the application allowing unsanitized inputs)
+N/A This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5)
32 PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U)
TODO(medium) -> needs to be fixed in php/etch, sarge not affected (php4 4.4.5/4.4.6, remote code execution)
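Review bot: the new line for entry 33 says "not security-relevant" without qualification, while the commit log says the truncation is a security problem in broken setups and the removed line attributed the risk to applications allowing unsanitized inputs. Suggest carrying that condition into the entry in a few words so the N/A status keeps its rationale. The new line also drops the leading "#" that the old one had; please confirm this is intended, since neighbouring entries use both "#TODO" and "TODO".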
@@ -62,7 +62,7 @@
#Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584
24 PHP array_user_key_compare() Double DTOR Vulnerability
-#TODO(medium) -> locally exploitable to gain access to process memory (not remote), CVE-2007-1484 (php4 & php5, code execution)
+N/A Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution)
23 PHP 5 Rejected Session Identifier Double Free Vulnerability
#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1522. (php5 5.2.0+, code execution)
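Review bot: on entry 24 the status becomes N/A while the parenthetical still reads "code execution", and data/CVE/list in this same revision tracks CVE-2007-1484 as <unfixed> (unimportant) rather than as not applicable. Suggest wording the two files consistently so the status is unambiguous. Entry 23 directly below keeps #TODO(medium) with a "locally exploitable" description; a short remark on why it is handled differently (its text says "hard to do remotely") would make the distinction explicit.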