Date: Mon, 12 Mar 2007 18:25:48 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite

Stefano Di Paola said:

>1. I search on google for import_request_variables advisories
>(nothing found)
>2. I search on php.net in changeLog for fixes (nothing found).

I can see why you weren't able to find anything.

However, there have been a number of disclosures that are probably related - but these were grep-and-gripe affairs in third party applications, where the researcher didn't necessarily investigate *why* certain attacks worked.

Grepping for superglobal names through CVE suggests the following PHP application issues might be related to this behavior, although in some cases it could just be some extract() or dynamic variable evaluation or other method for overwriting critical variables:

CVE-2007-1024 - _SERVER[DOCUMENT_ROOT]
CVE-2006-4673 - _SERVER[REMOTE_ADDR] (might be extract)
CVE-2006-4545 - _SERVER[DOCUMENT_ROOT]
CVE-2006-3798 - _SERVER, _ENV, _COOKIE (extract)
CVE-2006-1914 - GLOBALS, _SERVER
CVE-2005-4318 - _SERVER[REMOTE_ADDR]
CVE-2005-4317 - _SERVER[REMOTE_ADDR]
CVE-2005-3926 - _SERVER[REMOTE_ADDR]
CVE-2005-2574 - _SERVER[REMOTE_ADDR] (extract)
CVE-2005-1996 - _SERVER[DOCUMENT_ROOT]
CVE-2005-3300 - _FILES
CVE-2007-0599 - SERVER
CVE-2006-5796 - _SESSION[docroot_path]
CVE-2006-5078 - _SESSION[dirMain]
CVE-2006-2828 - import_request_variables(), but not for superglobals etc.

- Steve
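An added example, not part of the original message: a detection pass over web access logs that flags requests whose parameter names match the superglobal names listed above, the request-side sign of this overwrite class. The function names, the log format (Apache combined style) and the sample lines are assumptions constructed for illustration; `_GET`, `_POST` and `_REQUEST` are added to the set although the message does not list them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Names from the CVE annotations in the message, plus _GET/_POST/_REQUEST
# (an addition of this example, not from the message).
SUPERGLOBALS = {"GLOBALS", "_SERVER", "_ENV", "_COOKIE", "_FILES",
                "_SESSION", "_GET", "_POST", "_REQUEST"}

# Request line inside a combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def base_name(param):
    """'_SERVER[REMOTE_ADDR]' -> '_SERVER'; 'page' -> 'page'."""
    return param.split("[", 1)[0]

def suspicious_params(url):
    """Return query parameter names whose base name is a superglobal.
    parse_qsl percent-decodes names, so %5FSERVER%5B...%5D is caught too."""
    query = urlsplit(url).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if base_name(name) in SUPERGLOBALS]

def scan(lines):
    """Return (line_number, [parameter names]) for each flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2007:18:00:01 -0400] "GET /index.php?page=news HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Mar/2007:18:00:02 -0400] "GET /index.php?_SERVER[DOCUMENT_ROOT]=x HTTP/1.1" 200 512',
    '192.0.2.12 - - [12/Mar/2007:18:00:03 -0400] "GET /view.php?id=3&%5FSESSION%5Bdocroot_path%5D=x HTTP/1.1" 200 512',
    '192.0.2.13 - - [12/Mar/2007:18:00:04 -0400] "GET /a.php?GLOBALS=1&server=ok HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: superglobal-named parameters {hits}")
```

This only inspects query strings; POST bodies and cookies do not appear in a standard access log and need a separate source.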