Multiple vulnerabilities in PHP
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2012-2386 CVE-2012-2329 CVE-2012-2335 CVE-2012-2336 |
| CWE-ID | CWE-122 CWE-119 CWE-264 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU43908
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2012-2386
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4. A remote attacker can use a crafted tar file that triggers a heap-based buffer overflow. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 1.0 - 5.4.2
External linkshttp://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html
http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://openwall.com/lists/oss-security/2012/05/22/10
http://support.apple.com/kb/HT5501
http://www.php.net/ChangeLog-5.php
http://bugs.php.net/bug.php?id=61065
http://bugzilla.redhat.com/show_bug.cgi?id=823594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Buffer overflow
EUVDB-ID: #VU44085
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2012-2329
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.4.0 - 5.4.2
External linkshttp://secunia.com/advisories/49014
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.securityfocus.com/bid/53455
http://bugs.php.net/bug.php?id=61807
http://bugzilla.redhat.com/show_bug.cgi?id=820000
http://exchange.xforce.ibmcloud.com/vulnerabilities/75545
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU44086
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2335
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.3.12 - 5.4.2
External linkshttp://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://secunia.com/advisories/49014
http://www.kb.cert.org/vuls/id/520827
http://www.php.net/archive/2012.php#id2012-05-06-1
http://bugs.php.net/bug.php?id=61910
http://exchange.xforce.ibmcloud.com/vulnerabilities/75652
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU44087
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2336
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.4.2
External linkshttp://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://secunia.com/advisories/49014
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.php.net/ChangeLog-5.php#5.4.3
http://bugs.php.net/bug.php?id=61910
http://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
