Executive Summary
Summary | |
---|---|
Title | php5 security update |
Informations | |||
---|---|---|---|
Name | DSA-2195 | First vendor Publication | 2011-03-19 |
Vendor | Debian | Last vendor Modification | 2011-03-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441). When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable. For the oldstable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny10. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze1. For the unstable distribution (sid), this problem has been fixed in version 5.3.6-1. Additionally, the following vulnerabilities have also been fixed in the oldstable distribution (lenny): CVE-2010-3709 Maksymilian Arciemowicz discovered that the ZipArchive class may dereference a NULL pointer when extracting comments from a zip archive, leading to application crash and possible denial of service. CVE-2010-3710 Stefan Neufeind discovered that the FILTER_VALIDATE_EMAIL filter does not correctly handle long, to be validated, strings. Such crafted strings may lead to denial of service because of high memory consumption and application crash. CVE-2010-3870 It was discovered that PHP does not correctly handle certain UTF-8 sequences and may be used to bypass XSS protections. CVE-2010-4150 Mateusz Kocielski discovered that the imap extension may try to free already freed memory when processing user credentials, leading to application crash and possibly arbitrary code execution. We recommend that you upgrade your php5 packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2195 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-399 | Resource Management Errors |
40 % | CWE-20 | Improper Input Validation |
20 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12489 | |||
Oval ID: | oval:org.mitre.oval:def:12489 | ||
Title: | Denial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extension | ||
Description: | Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4150 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | PHP |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12808 | |||
Oval ID: | oval:org.mitre.oval:def:12808 | ||
Title: | DSA-2195-1 php5 -- several | ||
Description: | Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system. When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2195-1 CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | php5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15505 | |||
Oval ID: | oval:org.mitre.oval:def:15505 | ||
Title: | USN-1358-2 -- PHP regression | ||
Description: | php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get function. We apologize for the inconvenience. Original advisory USN 1358-1 introduced a regression in PHP. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1358-2 CVE-2012-0831 CVE-2011-4885 CVE-2012-0830 CVE-2011-4153 CVE-2012-0057 CVE-2012-0788 CVE-2011-0441 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | PHP |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-11-05 | PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for php53 CESA-2011:0196 centos5 x86_64 File : nvt/gb_CESA-2011_0196_php53_centos5_x86_64.nasl |
2012-06-21 | Name : PHP 5.2 < 5.2.15 File : nvt/nopsec_php_5_2_15.nasl |
2012-06-21 | Name : PHP version smaller than 5.3.4 File : nvt/nopsec_php_5_3_4.nasl |
2012-06-05 | Name : RedHat Update for php RHSA-2011:0195-01 File : nvt/gb_RHSA-2011_0195-01_php.nasl |
2012-02-21 | Name : Ubuntu Update for php5 USN-1358-2 File : nvt/gb_ubuntu_USN_1358_2.nasl |
2012-02-13 | Name : Ubuntu Update for php5 USN-1358-1 File : nvt/gb_ubuntu_USN_1358_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-08-09 | Name : CentOS Update for php53 CESA-2011:0196 centos5 i386 File : nvt/gb_CESA-2011_0196_php53_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for php CESA-2010:0919 centos5 i386 File : nvt/gb_CESA-2010_0919_php_centos5_i386.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2195-1 (php5) File : nvt/deb_2195_1.nasl |
2011-05-10 | Name : Ubuntu Update for php5 USN-1126-2 File : nvt/gb_ubuntu_USN_1126_2.nasl |
2011-05-10 | Name : Ubuntu Update for php5 USN-1126-1 File : nvt/gb_ubuntu_USN_1126_1.nasl |
2011-04-11 | Name : Mandriva Update for php MDVSA-2011:069 (php) File : nvt/gb_mandriva_MDVSA_2011_069.nasl |
2011-02-04 | Name : RedHat Update for php53 RHSA-2011:0196-01 File : nvt/gb_RHSA-2011_0196-01_php53.nasl |
2011-01-31 | Name : PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability File : nvt/gb_php_imap_do_open_dos_vuln.nasl |
2011-01-24 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php57.nasl |
2011-01-24 | Name : FreeBSD Ports: php5-zip File : nvt/freebsd_php5-zip.nasl |
2011-01-24 | Name : FreeBSD Ports: php5-imap File : nvt/freebsd_php5-imap1.nasl |
2011-01-24 | Name : FreeBSD Ports: php5-filter File : nvt/freebsd_php5-filter.nasl |
2011-01-14 | Name : Ubuntu Update for php5 vulnerabilities USN-1042-1 File : nvt/gb_ubuntu_USN_1042_1.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php_fc13.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php_fc14.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl |
2010-12-28 | Name : Mandriva Update for php MDVSA-2010:254 (php) File : nvt/gb_mandriva_MDVSA_2010_254.nasl |
2010-12-09 | Name : RedHat Update for php RHSA-2010:0919-01 File : nvt/gb_RHSA-2010_0919-01_php.nasl |
2010-12-09 | Name : CentOS Update for php CESA-2010:0919 centos4 i386 File : nvt/gb_CESA-2010_0919_php_centos4_i386.nasl |
2010-11-23 | Name : Mandriva Update for php MDVSA-2010:239 (php) File : nvt/gb_mandriva_MDVSA_2010_239.nasl |
2010-11-23 | Name : PHP 'filter_var()' function Stack Consumption Vulnerability File : nvt/gb_php_stack_consumption_vuln.nasl |
2010-11-16 | Name : Mandriva Update for php MDVSA-2010:224 (php) File : nvt/gb_mandriva_MDVSA_2010_224.nasl |
2010-11-16 | Name : Mandriva Update for php MDVSA-2010:218 (php) File : nvt/gb_mandriva_MDVSA_2010_218.nasl |
2010-11-10 | Name : PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability File : nvt/gb_php_44605.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-357-01 php File : nvt/esoft_slk_ssa_2010_357_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73706 | PHP on Debian GNU/Linux /etc/cron.d/php5 Directory Symlink Arbitrary File Del... |
69660 | PHP ext/imap/php_imap.c imap_do_open Function Double-free Memory Corruption A memory corruption flaw exists in PHP. The 'imap_do_open' function in the IMAP extension 'ext/imap/php_imap.c' fails to sanitize provided user credentials when opening the user mailbox folder resulting in memory corruption. With maliciously crafted user credentials, a local attacker can execute arbitrary code. |
69230 | PHP utf8_decode Function UTF-8 Encoding / Data Crafted String Protection Mech... |
69109 | PHP ZipArchive::getArchiveComment Function Crafted ZIP Archive NULL Dereferen... PHP contains a flaw related to the ZipArchive::getArchiveComment function that may allow a context-dependent denial of service. The issue is triggered via a maliciously crafted ZIP archive, and will result in loss of availability. |
68597 | PHP ext/filter/logical_filters.c php_filter_validate_email() Function Overflo... PHP is prone to an overflow condition. The 'php_filter_validate_email()' function in 'ext/filter/logical_filters.c' fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted overly long e-mail address string, a remote attacker can potentially cause a denial of service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0919.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101129_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1358-2.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1358-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-7393.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1126-1.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1126-2.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO |
2011-04-22 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-069.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-110310.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2195.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1a0704e70edf11e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2a41233d10e711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c623f05810e711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO |
2010-12-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-357-01.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO |
2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_3_4.nasl - Type : ACT_GATHER_INFO |
2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_15.nasl - Type : ACT_GATHER_INFO |
2010-12-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-7221.nasl - Type : ACT_GATHER_INFO |
2010-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO |
2010-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-239.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-224.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-218.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:59 |
|