868832 – (CVE-2012-1171) VUL-1: CVE-2012-1171: php5: open_basedir bypass in RSHUTDOWN of libxml extension

Bug 868832 (CVE-2012-1171) - VUL-1: CVE-2012-1171: php5: open_basedir bypass in RSHUTDOWN of libxml extension

Summary: VUL-1: CVE-2012-1171: php5: open_basedir bypass in RSHUTDOWN of libxml extension

Status:	RESOLVED WONTFIX

Alias:	CVE-2012-1171

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Petr Gajdos
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/74856/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-03-18 07:57 UTC by Marcus Meissner
Modified:	2014-03-18 07:59 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-03-18 07:57:29 UTC

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1171
http://www.cvedetails.com/cve/CVE-2012-1171/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1171
https://bugs.php.net/bug.php?id=64660
https://bugzilla.redhat.com/show_bug.cgi?id=802591
https://github.com/php/php-src/blob/master/ext/libxml/tests/bug61367-write.phpt
https://bugs.php.net/bug.php?id=61367
https://github.com/php/php-src/blob/master/ext/libxml/tests/bug61367-read.phpt

Comment 1 Marcus Meissner 2014-03-18 07:58:03 UTC

php53 in SLE11 SP3 is not affected (does not have RSHUTDOWN in grep)

As usual, we do not fix open_basedir issues.

Comment 2 Marcus Meissner 2014-03-18 07:59:20 UTC

close