Multiple vulnerabilities in PHP
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2011-3267 CVE-2011-3268 CVE-2011-3182 CVE-2011-2202 CVE-2011-0441 CVE-2011-1148 CVE-2011-0420 |
| CWE-ID | CWE-399 CWE-119 CWE-20 CWE-264 CWE-59 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU44779
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-3267
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.5
External linkshttp://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74739
http://support.apple.com/kb/HT5130
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.php.net/archive/2011.php#id2011-08-18-1
http://www.php.net/ChangeLog-5.php#5.3.7
http://www.securityfocus.com/bid/49241
http://exchange.xforce.ibmcloud.com/vulnerabilities/69428
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU44780
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-3268
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.5
External linkshttp://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74738
http://support.apple.com/kb/HT5130
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.php.net/archive/2011.php#id2011-08-18-1
http://www.php.net/ChangeLog-5.php#5.3.7
http://www.securityfocus.com/bid/49241
http://exchange.xforce.ibmcloud.com/vulnerabilities/69427
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU44783
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-3182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.5
External linkshttp://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://marc.info/?l=full-disclosure&m=131373057621672&w=2
http://securityreason.com/achievement_securityalert/101
http://support.apple.com/kb/HT5130
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.openwall.com/lists/oss-security/2011/08/22/9
http://www.securityfocus.com/bid/49249
http://exchange.xforce.ibmcloud.com/vulnerabilities/69430
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU44946
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-2202
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.5
External linkshttp://bugs.php.net/bug.php?id=54939
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://openwall.com/lists/oss-security/2011/06/12/5
http://openwall.com/lists/oss-security/2011/06/13/15
http://pastebin.com/1edSuSVN
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://secunia.com/advisories/44874
http://securitytracker.com/id?1025659
http://support.apple.com/kb/HT5130
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103
http://svn.php.net/viewvc?view=revision&revision=312103
http://www.debian.org/security/2011/dsa-2266
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.php.net/archive/2011.php#id2011-08-18-1
http://www.php.net/ChangeLog-5.php#5.3.7
http://www.redhat.com/support/errata/RHSA-2011-1423.html
http://www.securityfocus.com/bid/48259
http://www.securityfocus.com/bid/49241
http://exchange.xforce.ibmcloud.com/vulnerabilities/67999
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Link following
EUVDB-ID: #VU45157
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-0441
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.3.5
External linkshttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618489
http://git.debian.org/?p=pkg-php/php.git;a=commit;h=d09fd04ed7bfcf7f008360c6a42025108925df09
http://www.mandriva.com/security/advisories?name=MDVSA-2011:069
http://www.securityfocus.com/bid/46928
http://www.vupen.com/english/advisories/2011/0910
http://exchange.xforce.ibmcloud.com/vulnerabilities/66180
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU45220
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.5
External linkshttp://bugs.php.net/bug.php?id=54238
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://openwall.com/lists/oss-security/2011/03/13/2
http://openwall.com/lists/oss-security/2011/03/13/3
http://openwall.com/lists/oss-security/2011/03/13/9
http://support.apple.com/kb/HT5130
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.php.net/archive/2011.php#id2011-08-18-1
http://www.php.net/ChangeLog-5.php#5.3.7
http://www.redhat.com/support/errata/RHSA-2011-1423.html
http://www.securityfocus.com/bid/46843
http://www.securityfocus.com/bid/49241
http://exchange.xforce.ibmcloud.com/vulnerabilities/66080
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU45307
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2011-0420
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 5.3.5
External linkshttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://securityreason.com/achievement_securityalert/94
http://securityreason.com/securityalert/8087
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/16182
http://www.kb.cert.org/vuls/id/210829
http://www.securityfocus.com/archive/1/516504/100/0/threaded
http://www.securityfocus.com/archive/1/516518/100/0/threaded
http://www.securityfocus.com/bid/46429
http://exchange.xforce.ibmcloud.com/vulnerabilities/65437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
