CVE-2013-6420 - Githubissues

rantoniuk / php52-backports

Automatically exported from code.google.com/p/php52-backports

Other

1 stars 1 forks source link

CVE-2013-6420 #37

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

Further information:
http://packetstormsecurity.com/files/124436/PHP-openssl_x509_parse-Memory-Corrup
tion.html

Patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf8
20fc18415

Original issue reported on code.google.com by NewEraCr...@gmail.com on 16 Dec 2013 at 1:35

GoogleCodeExporter commented 8 years ago

Yeah, i was thinking too, this would need attention

also, was CVE-2013-4073 already addressed? i think not.

Original comment by elan.ruu...@gmail.com on 17 Dec 2013 at 7:31

GoogleCodeExporter commented 8 years ago

the raw diff from git.php.net applies cleanly (excluding NEWS entry):

$ patch -p1 < CVE-2013-6420.patch
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 362 (offset -282 lines).
patching file ext/openssl/tests/cve-2013-6420.crt
patching file ext/openssl/tests/cve-2013-6420.phpt

Original comment by elan.ruu...@gmail.com on 17 Dec 2013 at 7:41

GoogleCodeExporter commented 8 years ago

CVE-2013-4073: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa08933
cbfee6755

Original comment by elan.ruu...@gmail.com on 17 Dec 2013 at 7:41

GoogleCodeExporter commented 8 years ago

CVE-2013-4073 applies fine (without NEWS hunk):

$ patch -p1 < CVE-2013-4073.patch
patching file ext/openssl/openssl.c
Hunk #1 succeeded at 1029 (offset -297 lines).
Hunk #2 succeeded at 1193 (offset -297 lines).
patching file ext/openssl/tests/cve2013_4073.pem
patching file ext/openssl/tests/cve2013_4073.phpt

Original comment by elan.ruu...@gmail.com on 17 Dec 2013 at 7:43

GoogleCodeExporter commented 8 years ago

CVE-2013-4248 (Previously known as CVE-2013-4073) is already reported here:
https://code.google.com/p/php52-backports/issues/detail?id=28

Original comment by NewEraCr...@gmail.com on 17 Jun 2014 at 8:57

GoogleCodeExporter commented 8 years ago

After this CVE is fixed (by applying CVE-2013-6420 patch from PHP.NET Git).

Another bug fix will need to be applied:
http://git.php.net/?p=php-src.git;a=commitdiff;h=76a7fd893b7d6101300cc656058704a
73254d593;hp=5fd7c2b01ddfcf932f364dc7065e7b0dd492655e

Attached is a patch for PHP 5.3.28. This patch should also apply fine in PHP 
5.2.17.

PS: Only apply the bug fix after applying the security fix.

Original comment by NewEraCr...@gmail.com on 30 Jul 2014 at 11:47

Attachments:

php5.3.28-bug65698-bug66636.patch