Executive Summary
Summary | |
---|---|
Title | PHP5 regression |
Informations | |||
---|---|---|---|
Name | USN-1042-2 | First vendor Publication | 2011-01-13 |
Vendor | Ubuntu | Last vendor Modification | 2011-01-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: In general, a standard system update will make all the necessary changes. Details follow: USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that attackers might be able to bypass open_basedir() |
Original Source
Url : http://www.ubuntu.com/usn/USN-1042-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.3.4 File : nvt/nopsec_php_5_3_4.nasl |
2012-06-21 | Name : PHP 5.2 < 5.2.15 File : nvt/nopsec_php_5_2_15.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-01-24 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php510.nasl |
2011-01-24 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php57.nasl |
2011-01-14 | Name : Ubuntu Update for php5 vulnerabilities USN-1042-1 File : nvt/gb_ubuntu_USN_1042_1.nasl |
2011-01-14 | Name : Ubuntu Update for php5 regression USN-1042-2 File : nvt/gb_ubuntu_USN_1042_2.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php_fc13.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php_fc14.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl |
2010-12-28 | Name : Mandriva Update for php MDVSA-2010:254 (php) File : nvt/gb_mandriva_MDVSA_2010_254.nasl |
2010-11-16 | Name : Mandriva Update for php MDVSA-2010:218 (php) File : nvt/gb_mandriva_MDVSA_2010_218.nasl |
2010-10-01 | Name : PHP 'phar_stream_flush' Format String Vulnerability File : nvt/secpod_php_format_string_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-357-01 php File : nvt/esoft_slk_ssa_2010_357_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69110 | PHP fopen_wrappers.c Filename Length open_basedir Restriction Remote Bypass PHP contains a flaw related to the 'php_check_specific_open_basedir()' function in 'fopen_wrappers.c'. The issue is triggered when a remote attacker uses vectors related to filename length to bypass 'open_basedir' restrictions. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO |
2011-01-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-2.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_736342940fa711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO |
2010-12-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-357-01.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO |
2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_15.nasl - Type : ACT_GATHER_INFO |
2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_3_4.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-218.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:58:10 |
|