LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php: two vulnerabilities

Package(s):php CVE #(s):CVE-2013-1635 CVE-2013-1643
Created:February 28, 2013 Updated:April 3, 2013
Description:

From the Mandriva advisory:

PHP does not validate the configration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations (CVE-2013-1635).

PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send serialized SoapClient object initialized in non-wsdl mode which will make PHP to parse automatically remote XML-document specified in the location option parameter (CVE-2013-1643).

Alerts:
Mandriva MDVSA-2013:016 2013-02-28
Debian DSA-2639-1 2013-03-05
Ubuntu USN-1761-1 2013-03-13
Slackware SSA:2013-081-01 2013-03-23
Mageia MGASA-2013-0101 2013-04-02
Fedora FEDORA-2013-3891 2013-04-03
Fedora FEDORA-2013-3927 2013-04-03
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds