1
Candidate: CVE-2009-3294
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3294
5
http://www.php.net/ChangeLog-5.php#5.2.11
6
http://www.openwall.com/lists/oss-security/2009/09/20/1
8
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x
9
before 5.3.1, when running on certain Windows operating systems, allows
10
context-dependent attackers to cause a denial of service (crash) via a
11
crafted (1) "e" or (2) "er" string in the second argument (aka mode),
12
possibly related to the _fdopen function in the Microsoft C runtime
13
library. NOTE: this might not cross privilege boundaries except in rare
14
cases in which the mode argument is accessible to an attacker outside of an
15
application that uses the popen function.
18
mdeslaur> Windows-only
20
http://bugs.php.net/bug.php?id=44683
26
upstream: http://svn.php.net/viewvc?view=revision&revision=287779
27
upstream_php5: released (5.2.11)
28
dapper_php5: not-affected
29
hardy_php5: not-affected
30
intrepid_php5: not-affected
31
jaunty_php5: not-affected
32
devel_php5: not-affected