SB2011011103 - Multiple vulnerabilities in PHP
Published: January 11, 2011 Updated: August 11, 2020
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2011-1464)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.
2) Input validation error (CVE-ID: CVE-2011-1466)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
3) Input validation error (CVE-ID: CVE-2011-1467)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
4) Resource management error (CVE-ID: CVE-2011-1468)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
5) Input validation error (CVE-ID: CVE-2011-1469)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
6) Input validation error (CVE-ID: CVE-2011-1470)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.
7) Input validation error (CVE-ID: CVE-2011-1471)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
8) Input validation error (CVE-ID: CVE-2011-0421)
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
9) Out-of-bounds read (CVE-ID: CVE-2011-0708)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error: exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast. A remote attacker can perform a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
10) Format string error (CVE-ID: CVE-2011-1153)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
11) Input validation error (CVE-ID: CVE-2011-1092)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
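The class of bug behind CVE-2011-1092, shown as an added example (not code from PHP or from this bulletin): a range check that adds offset and length can wrap when the length is very large, while a check written as a subtraction cannot. The struct, the function names and the use of a 32-bit int are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a shared-memory segment (not PHP's own struct). */
struct segment { const unsigned char *addr; int size; };

/* Flawed pattern: "start + count > size" wraps when count is huge.
 * The wrap is modelled with unsigned arithmetic, because signed overflow
 * itself is undefined behaviour in C. Returns 1 if the range is accepted. */
static int range_ok_naive(int size, int start, int count)
{
    int sum = (int)((unsigned int)start + (unsigned int)count);
    if (start < 0 || start > size) return 0;
    if (sum > size || count < 0) return 0;
    return 1;
}

/* Hardened pattern: compare count against the space left after start.
 * With 0 <= start <= size already established, size - start cannot overflow. */
static int range_ok_checked(int size, int start, int count)
{
    if (start < 0 || start > size) return 0;
    if (count < 0 || count > size - start) return 0;
    return 1;
}

/* Copy count bytes starting at start into out; returns bytes copied or -1. */
static int segment_read(const struct segment *seg, int start, int count,
                        unsigned char *out, int out_cap)
{
    if (!range_ok_checked(seg->size, start, count) || count > out_cap)
        return -1;
    memcpy(out, seg->addr + start, (size_t)count);
    return count;
}

int main(void)
{
    static const unsigned char data[] = "constructed-data"; /* constructed sample */
    struct segment seg = { data, 16 };
    unsigned char out[16];
    printf("naive accepts (1, INT_MAX):   %d\n", range_ok_naive(16, 1, INT_MAX));
    printf("checked accepts (1, INT_MAX): %d\n", range_ok_checked(16, 1, INT_MAX));
    printf("read(4, 12) -> %d\n", segment_read(&seg, 4, 12, out, (int)sizeof out));
    printf("read(4, 13) -> %d\n", segment_read(&seg, 4, 13, out, (int)sizeof out));
    return 0;
}
```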
12) Input validation error (CVE-ID: CVE-2010-4645)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.