Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2012-0781 CVE-2011-4153 CVE-2011-3379 |
CWE-ID | CWE-476 CWE-94 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software | PHP Universal components / Libraries / Scripting languages |
Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU44403
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2012-0781
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: PHP: 5.3.8
External links:
https://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://cxsecurity.com/research/103
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
https://secunia.com/advisories/48668
https://www.exploit-db.com/exploits/18370/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU44404
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2011-4153
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: PHP: 5.3.8
External links:
https://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://cxsecurity.com/research/103
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
https://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
https://marc.info/?l=bugtraq&m=134012830914727&w=2
https://secunia.com/advisories/48668
https://www.exploit-db.com/exploits/18370/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU44549
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3379
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Mitigation: Install update from vendor's website.
Vulnerable software versions: PHP: 5.3.7 - 5.3.8
External links:
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://securityreason.com/securityalert/8525
https://svn.php.net/viewvc/?view=revision&revision=317183
https://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
https://www.securityfocus.com/archive/1/519770/30/0/threaded
https://bugs.php.net/bug.php?id=55475
https://bugzilla.redhat.com/show_bug.cgi?id=741020
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
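For CVE-2011-3379, two application-side guards that keep request-supplied strings from reaching an include through is_a() and a custom autoloader, shown as an added example (not from this bulletin, PHP, or any PEAR package). CLASS_DIR, safe_autoload, is_instance_of and Widget are hypothetical names, and the sample input is constructed.

```php
<?php
// Added example; CLASS_DIR, safe_autoload, is_instance_of and Widget are
// hypothetical names, not part of PHP or of any PEAR package.
define('CLASS_DIR', __DIR__ . '/classes');

// Autoloader that only resolves syntactically valid, PEAR-style class names.
function safe_autoload($class)
{
    // A URL or path ("http://...", "../x") fails this check and never
    // reaches require_once. Namespaced names are rejected as well.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)) {
        return false;
    }
    // PEAR convention: Foo_Bar maps to CLASS_DIR/Foo/Bar.php.
    $file = CLASS_DIR . '/' . str_replace('_', '/', $class) . '.php';
    if (!is_file($file)) {
        return false;
    }
    require_once $file;
    return true;
}
spl_autoload_register('safe_autoload');

// Type check that never hands a non-object to is_a(): is_object() is
// evaluated first, so a string value short-circuits to false.
function is_instance_of($value, $class)
{
    return is_object($value) && is_a($value, $class);
}

// Constructed sample standing in for a request parameter.
$input = 'http://example.invalid/payload';
var_dump(is_instance_of($input, 'Widget'));   // string input: is_a() not called
var_dump(safe_autoload($input));              // rejected by the name check
var_dump(is_instance_of(new ArrayObject(), 'ArrayObject'));
```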