SB2010122401 - Slackware Linux update for php



Published: December 24, 2010 Updated: June 28, 2025

Security Bulletin ID SB2010122401
Severity Medium
Patch available YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity: Medium 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2010-3436)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.


2) NULL pointer dereference (CVE-ID: CVE-2010-3709)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP archive.


3) Resource management error (CVE-ID: CVE-2010-4150)

The vulnerability allows a remote non-authenticated attacker to disrupt service.

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.


Remediation

Install update from vendor's website.