Author: seanius Date: 2007-03-10 15:27:40 +0000 (Sat, 10 Mar 2007) New Revision: 5537 Modified: data/mopb.txt Log: more information and new entry for mopb.txt Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-03-10 12:24:26 UTC (rev 5536) +++ data/mopb.txt 2007-03-10 15:27:40 UTC (rev 5537) @@ -1,16 +1,26 @@ +17 PHP ext/filter FDF Post Bypass Vulnerability +TODO(low) -> ...or possibly "broken as designed". + 16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability +VERIFY -> is this CVE-2007-0906/zip? i can''t reproduce it anyway... 15 PHP shmop Functions Resource Verification Vulnerability +TODO(medium) -> user-supplied data could be used to read/write arbitrary memory 14 PHP substr_compare() Information Leak Vulnerability +TODO(low) -> corner-case where length+offset > INT_MAX 13 PHP 4 Ovrimos Extension Multiple Vulnerabilities +N/A -> Ovrimos support not provided in any debian php packages 12 mod_security POST Rules Bypass Vulnerability +N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?) 11 PHP WDDX Session Deserialization Information Leak Vulnerability +Fixed in DSA-1264. CVE-2007-0908 10 PHP php_binary Session Deserialization Information Leak Vulnerability +TODO(low) -> Can only leak 127 bytes of data 09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability N/A -> Only applies to a development version in CVS, not a shipped release @@ -28,6 +38,7 @@ Fixed in DSA-1264. CVE-2007-0988 04 PHP 4 unserialize() ZVAL Reference Counter Overflow +TODO(medium) -> Arguably an app bug, but we should probably grab the fix anyway 03 PHP Variable Destructor Deep Recursion Stack Overflow N/A -> Applications need to impose sanity checks for maximum recursion
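Review bot: In the first hunk (@@ -1,16 +1,26 @@), the entry 12 note "N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?)" marks the issue N/A while leaving the sid status as an open question. Either confirm whether sid ships it or tag the entry VERIFY, as entry 16 is, so the question stays trackable. In the entry 16 note, "can''t" has a doubled apostrophe. The VERIFY line also carries no priority, unlike the TODO(low)/TODO(medium) lines around it.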
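Review bot: In the second hunk (@@ -28,6 +38,7 @@), the new entry 04 line "TODO(medium) -> Arguably an app bug, but we should probably grab the fix anyway" does not say which fix is meant. The context line above it records "Fixed in DSA-1264. CVE-2007-0988". A pointer of the same kind here (the CVE id if one is assigned, or where the upstream fix can be found) would let whoever picks up the TODO act on it without redoing the research.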