Multiple vulnerabilities in PHP



Published: 2011-01-18 | Updated: 2020-08-11
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2011-0753
CVE-2011-0755
CVE-2010-4699
CVE-2006-7243
CWE-ID CWE-362
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		PHP
Universal components / Libraries / Scripting languages

Vendor PHP Group

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Race condition

EUVDB-ID: #VU45388

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-0753

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 1.0 - 5.3.2

External links

http://bugs.php.net/52784
http://www.php.net/ChangeLog-5.php
http://exchange.xforce.ibmcloud.com/vulnerabilities/65431
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU45389

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-0755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 1.0 - 5.3.2

External links

http://bugs.php.net/46587
http://www.php.net/ChangeLog-5.php
http://exchange.xforce.ibmcloud.com/vulnerabilities/65426
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12589


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU45432

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-4699

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 1.0 - 5.3.2

External links

http://bugs.php.net/52941
http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html
http://www.php.net/ChangeLog-5.php
http://exchange.xforce.ibmcloud.com/vulnerabilities/64963
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU45434

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-7243

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

PHP before 5.3.4 accepts the character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php.jpg at the end of the argument to the file_exists function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 1.0 - 5.3.2

External links

http://bugs.php.net/39863
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://openwall.com/lists/oss-security/2010/11/18/4
http://openwall.com/lists/oss-security/2010/11/18/5
http://openwall.com/lists/oss-security/2010/12/09/10
http://openwall.com/lists/oss-security/2010/12/09/11
http://openwall.com/lists/oss-security/2010/12/09/9
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://rhn.redhat.com/errata/RHSA-2013-1615.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://secunia.com/advisories/55078
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc?view=revision&revision=305412
http://svn.php.net/viewvc?view=revision&revision=305507
http://www.madirish.net/?article=436
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_3_4.php
http://www.securityfocus.com/bid/44951
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###