Multiple vulnerabilities in PHP
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Race condition
EUVDB-ID: #VU45388
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-0753
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.2
CPE2.3- cpe:2.3:a:php_group:php:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:2.0b10:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:4.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:php_group:php:5.3.2:*:*:*:*:*:*:*
https://bugs.php.net/52784
https://www.php.net/ChangeLog-5.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/65431
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45389
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-0755
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.2
CPE2.3 External linkshttps://bugs.php.net/46587
https://www.php.net/ChangeLog-5.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/65426
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12589
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU45432
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-4699
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.2
CPE2.3 External linkshttps://bugs.php.net/52941
https://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html
https://www.php.net/ChangeLog-5.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/64963
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU45434
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2006-7243
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
PHP before 5.3.4 accepts the � character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php�.jpg at the end of the argument to the file_exists function.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 1.0 - 5.3.2
CPE2.3 External linkshttps://bugs.php.net/39863
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
https://marc.info/?l=bugtraq&m=132871655717248&w=2
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://openwall.com/lists/oss-security/2010/11/18/4
https://openwall.com/lists/oss-security/2010/11/18/5
https://openwall.com/lists/oss-security/2010/12/09/10
https://openwall.com/lists/oss-security/2010/12/09/11
https://openwall.com/lists/oss-security/2010/12/09/9
https://rhn.redhat.com/errata/RHSA-2013-1307.html
https://rhn.redhat.com/errata/RHSA-2013-1615.html
https://rhn.redhat.com/errata/RHSA-2014-0311.html
https://secunia.com/advisories/55078
https://support.apple.com/kb/HT4581
https://svn.php.net/viewvc?view=revision&revision=305412
https://svn.php.net/viewvc?view=revision&revision=305507
https://www.madirish.net/?article=436
https://www.mandriva.com/security/advisories?name=MDVSA-2010:254
https://www.php.net/archive/2010.php#id2010-12-10-1
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_3_4.php
https://www.securityfocus.com/bid/44951
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
