SB2011021901 - Multiple vulnerabilities in PHP
Published: February 19, 2011 Updated: August 11, 2020
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2011-3267)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
2) Buffer overflow (CVE-ID: CVE-2011-3268)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
3) Input validation error (CVE-ID: CVE-2011-3182)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-2202)
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
5) Link following (CVE-ID: CVE-2011-0441)
The vulnerability allows a local user to delete arbitrary files.
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
6) Resource management error (CVE-ID: CVE-2011-1148)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
7) Input validation error (CVE-ID: CVE-2011-0420)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://osvdb.org/74739
- http://support.apple.com/kb/HT5130
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
- http://www.php.net/archive/2011.php#id2011-08-18-1
- http://www.php.net/ChangeLog-5.php#5.3.7
- http://www.securityfocus.com/bid/49241
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69428
- http://osvdb.org/74738
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69427
- http://marc.info/?l=full-disclosure&m=131373057621672&w=2
- http://securityreason.com/achievement_securityalert/101
- http://www.openwall.com/lists/oss-security/2011/08/22/9
- http://www.securityfocus.com/bid/49249
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69430
- http://bugs.php.net/bug.php?id=54939
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://openwall.com/lists/oss-security/2011/06/12/5
- http://openwall.com/lists/oss-security/2011/06/13/15
- http://pastebin.com/1edSuSVN
- http://rhn.redhat.com/errata/RHSA-2012-0071.html
- http://secunia.com/advisories/44874
- http://securitytracker.com/id?1025659
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103
- http://svn.php.net/viewvc?view=revision&revision=312103
- http://www.debian.org/security/2011/dsa-2266
- http://www.redhat.com/support/errata/RHSA-2011-1423.html
- http://www.securityfocus.com/bid/48259
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618489
- http://git.debian.org/?p=pkg-php/php.git;a=commit;h=d09fd04ed7bfcf7f008360c6a42025108925df09
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:069
- http://www.securityfocus.com/bid/46928
- http://www.vupen.com/english/advisories/2011/0910
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66180
- http://bugs.php.net/bug.php?id=54238
- http://openwall.com/lists/oss-security/2011/03/13/2
- http://openwall.com/lists/oss-security/2011/03/13/3
- http://openwall.com/lists/oss-security/2011/03/13/9
- http://www.securityfocus.com/bid/46843
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66080
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://securityreason.com/achievement_securityalert/94
- http://securityreason.com/securityalert/8087
- http://support.apple.com/kb/HT5002
- http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
- http://www.exploit-db.com/exploits/16182
- http://www.kb.cert.org/vuls/id/210829
- http://www.securityfocus.com/archive/1/516504/100/0/threaded
- http://www.securityfocus.com/archive/1/516518/100/0/threaded
- http://www.securityfocus.com/bid/46429
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65437