SUSE Linux update for PHP5
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2012-2688 CVE-2012-3365 CVE-2012-3450 |
| CWE-ID | CWE-122 CWE-264 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Heap-based buffer underflow
EUVDB-ID: #VU4197
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2012-2688
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer underflow in the PHP scandir() function. A remote attacker can create specially crafted files, upload them to a directory the scandir() function runs on and cause the PHP interpreter to crash or execute arbitrary code with privileges of the web server.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Update the affected packages.
SUSE Linux: 11
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU32779
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3365
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
MitigationUpdate the affected packages.
SUSE Linux: 11
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU43771
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2012-3450
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
MitigationUpdate the affected packages.
SUSE Linux: 11
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
