Re: [Full-disclosure] Month of PHP Security - Summary - 1st May - 10th May
From: Eren Türkay <eren pardus org tr>
To: Stefan Esser <stefan esser sektioneins de>
Cc: bugtraq securityfocus com, full-disclosure <full-disclosure lists grok org uk>
Subject: Re: [Full-disclosure] Month of PHP Security - Summary - 1st May - 10th May
Date: Tue - May 11, 2010 01:24 AM

On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote:
> Hi everyone,
>
> 10 days ago the Month of PHP Security 2010 has started at
> http://www.php-security.org/ and meanwhile 20 vulnerabilities were
> posted and also 4 user submitted articles were published. Here is a
> short summary of what was released so far. You can follow the Month of
> PHP Security on Twitter, too. Just follow @mops_2010

Thank you and all the volunteers for your efforts. It is good to see
that the Month of PHP Security 2010 has started.

I think it would be better to mention the CVE IDs assigned to these issues
by MITRE in your advisories. Below is what I have been able to collect.

> Vulnerabilities in PHP
> ----------------------
>
> MOPS-2010-017: PHP preg_quote() Interruption Information Leak
> Vulnerability - http://bit.ly/cUYsbj
> MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/bwT28V
> MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/a3BonY
> MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information
> Leak Vulnerability - http://bit.ly/cdMzTo
Not assigned yet
> MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage
> Vulnerability - http://bit.ly/bhHyrj
> MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage
> Vulnerability - http://bit.ly/8Z8xYt
- CVE-2010-1868 (for both issues)
> MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak
> Vulnerability - http://bit.ly/doxAXk
- CVE-2010-1860
> MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access
> Vulnerability - http://bit.ly/b4NBD8
- CVE-2010-1861
> MOPS-2010-008: PHP chunk_split() Interruption Information Leak
> Vulnerability - http://bit.ly/cVoWoM
- CVE-2010-1862
> MOPS-2010-006: PHP addcslashes() Interruption Information Leak
> Vulnerability - http://bit.ly/b5gkaf
- CVE-2010-1864
> MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability -
> http://bit.ly/bXDivD
- CVE-2010-1866
> MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access
> Vulnerability - http://bit.ly/aZDRha
Not assigned yet