Multiple vulnerabilities in PHP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2010-4150 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 |
| CWE-ID | CWE-399 CWE-264 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU110279
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-4150
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.2 - 5.3.3
CPE2.3- cpe:2.3:a:php_group:php:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.14:*:*:*:*:*:*:*
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://secunia.com/advisories/42729
https://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
https://support.apple.com/kb/HT4581
https://svn.php.net/viewvc?view=revision&revision=305032
https://www.mandriva.com/security/advisories?name=MDVSA-2010:239
https://www.php.net/archive/2010.php#id2010-12-10-1
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_2_15.php
https://www.php.net/releases/5_3_4.php
https://www.securityfocus.com/bid/44980
https://www.securitytracker.com/id?1024761
https://www.vupen.com/english/advisories/2010/3027
https://www.vupen.com/english/advisories/2010/3313
https://www.vupen.com/english/advisories/2011/0020
https://www.vupen.com/english/advisories/2011/0021
https://bugzilla.redhat.com/show_bug.cgi?id=656917
https://exchange.xforce.ibmcloud.com/vulnerabilities/63390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12489
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU110283
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-3436
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to corrupt data.
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.2.0 - 5.2.14
CPE2.3- cpe:2.3:a:php_group:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.9:*:*:*:*:*:*:*
https://www.mandriva.com/security/advisories?name=MDVSA-2010:218
https://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824
https://svn.php.net/viewvc?view=revision&revision=303824
https://security-tracker.debian.org/tracker/CVE-2010-3436
https://www.securityfocus.com/bid/44723
https://secunia.com/advisories/42729
https://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
https://www.vupen.com/english/advisories/2010/3313
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_3_4.php
https://www.vupen.com/english/advisories/2011/0077
https://www.php.net/archive/2010.php#id2010-12-10-1
https://secunia.com/advisories/42812
https://www.php.net/releases/5_2_15.php
https://www.ubuntu.com/usn/USN-1042-1
https://support.apple.com/kb/HT4581
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://support.apple.com/kb/HT5002
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU110284
Risk: Medium
CVSSv4.0: N/A
CVE-ID: CVE-2010-3709
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP archive.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.2.0 - 5.2.14
CPE2.3- cpe:2.3:a:php_group:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.14:*:*:*:*:*:*:*
https://www.mandriva.com/security/advisories?name=MDVSA-2010:218
https://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
https://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
https://www.exploit-db.com/exploits/15431
https://securityreason.com/achievement_securityalert/90
https://www.securityfocus.com/bid/44718
https://www.securitytracker.com/id?1024690
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
https://www.vupen.com/english/advisories/2010/3313
https://www.vupen.com/english/advisories/2011/0020
https://secunia.com/advisories/42729
https://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
https://www.php.net/releases/5_3_4.php
https://www.php.net/releases/5_2_15.php
https://secunia.com/advisories/42812
https://www.php.net/ChangeLog-5.php
https://www.php.net/archive/2010.php#id2010-12-10-1
https://www.ubuntu.com/usn/USN-1042-1
https://www.vupen.com/english/advisories/2011/0021
https://www.vupen.com/english/advisories/2011/0077
https://www.redhat.com/support/errata/RHSA-2011-0195.html
https://support.apple.com/kb/HT4581
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://marc.info/?l=bugtraq&m=130331363227777&w=2
https://marc.info/?l=bugtraq&m=133469208622507&w=2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Resource management error
EUVDB-ID: #VU110285
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-3710
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 5.2 - 5.3.3
CPE2.3- cpe:2.3:a:php_group:php:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.3:*:*:*:*:*:*:*
https://bugs.php.net/bug.php?id=52929
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
https://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://secunia.com/advisories/42812
https://secunia.com/advisories/43189
https://support.apple.com/kb/HT4581
https://www.mandriva.com/security/advisories?name=MDVSA-2010:218
https://www.php.net/archive/2010.php#id2010-12-10-1
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_2_15.php
https://www.php.net/releases/5_3_4.php
https://www.redhat.com/support/errata/RHSA-2011-0196.html
https://www.securityfocus.com/bid/43926
https://www.ubuntu.com/usn/USN-1042-1
https://www.vupen.com/english/advisories/2011/0020
https://www.vupen.com/english/advisories/2011/0021
https://www.vupen.com/english/advisories/2011/0077
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
