CVE-2013-4073 - Hostname check bypassing vulnerability in SSL client

ulsan1635 / php52-backports

Automatically exported from code.google.com/p/php52-backports

Other

0 stars 0 forks source link

CVE-2013-4073 - Hostname check bypassing vulnerability in SSL client #28

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

This issue has been fixed by PHP Group in PHP 5.3 and higher.

Commit: 
http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfe
e6755

I've attached the patch for PHP 5.3 that also applies in PHP 5.2 with line 
number differences.

Original issue reported on code.google.com by NewEraCr...@gmail.com on 14 Aug 2013 at 2:55

Attachments:

fix-openssl-cve2013_4073.diff

GoogleCodeExporter commented 8 years ago

PHP.NET has fixed a bug with the fix here.
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf6e03b
809ed048b

I've attached the new patch.

Original comment by NewEraCr...@gmail.com on 19 Aug 2013 at 9:04

Attachments:

new-fix-openssl-cve2013_4073.diff

GoogleCodeExporter commented 8 years ago

By the way, the correct CVE number is 2013-4248
PHP.NET has mislabeled when fixing it.

Original comment by NewEraCr...@gmail.com on 19 Aug 2013 at 9:06