[Secure-testing-team] Bug#511493: CVE-2008-5557: buffer overflow
Steffen Joeris
steffen.joeris at skolelinux.de
Sun Jan 11 15:30:20 UTC 2009
Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.
CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.
There are some more information available in the php bugreport[1],
including the PoC which seems to work.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
http://security-tracker.debian.net/tracker/CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722
More information about the Secure-testing-team
mailing list