#VU44549 Code Injection in PHP - CVE-2011-3379

Cybersecurity Help s.r.o.

Published: 2011-11-03 | Updated: 2020-08-11

Vulnerability identifier: #VU44549

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3379

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.3.7 - 5.3.8

External links
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://securityreason.com/securityalert/8525
https://svn.php.net/viewvc/?view=revision&revision=317183
https://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
https://www.securityfocus.com/archive/1/519770/30/0/threaded
https://bugs.php.net/bug.php?id=55475
https://bugzilla.redhat.com/show_bug.cgi?id=741020

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for PHP

Multiple vulnerabilities in PHP