Executive Summary

Informations
Name CVE-2011-0441 First vendor Publication 2011-03-29
Vendor Cve Last vendor Modification 2017-08-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:C/A:C)
Cvss Base Score 6.3 Attack Range Local
Cvss Impact Score 9.2 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0441

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15236
 
Oval ID: oval:org.mitre.oval:def:15236
Title: USN-1358-1 -- PHP vulnerabilities
Description: php5: HTML-embedded scripting language interpreter Multiple vulnerabilities in PHP.
Family: unix Class: patch
Reference(s): USN-1358-1
CVE-2011-4885
CVE-2012-0830
CVE-2011-4153
CVE-2012-0057
CVE-2012-0788
CVE-2012-0831
CVE-2011-0441
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15505
 
Oval ID: oval:org.mitre.oval:def:15505
Title: USN-1358-2 -- PHP regression
Description: php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get function. We apologize for the inconvenience. Original advisory USN 1358-1 introduced a regression in PHP.
Family: unix Class: patch
Reference(s): USN-1358-2
CVE-2012-0831
CVE-2011-4885
CVE-2012-0830
CVE-2011-4153
CVE-2012-0057
CVE-2012-0788
CVE-2011-0441
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): PHP
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-02-21 Name : Ubuntu Update for php5 USN-1358-2
File : nvt/gb_ubuntu_USN_1358_2.nasl
2012-02-13 Name : Ubuntu Update for php5 USN-1358-1
File : nvt/gb_ubuntu_USN_1358_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2195-1 (php5)
File : nvt/deb_2195_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl
2011-04-11 Name : Mandriva Update for php MDVSA-2011:069 (php)
File : nvt/gb_mandriva_MDVSA_2011_069.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73706 PHP on Debian GNU/Linux /etc/cron.d/php5 Directory Symlink Arbitrary File Del...

Nessus® Vulnerability Scanner

Date Description
2012-02-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-2.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-2.nasl - Type : ACT_GATHER_INFO
2011-04-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-069.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2195.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46928
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618489
http://git.debian.org/?p=pkg-php/php.git;a=commit;h=d09fd04ed7bfcf7f008360c6a...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:069
VUPEN http://www.vupen.com/english/advisories/2011/0910
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/66180

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2020-05-23 00:27:40
  • Multiple Updates
2017-08-17 09:23:15
  • Multiple Updates
2016-04-26 20:30:12
  • Multiple Updates
2014-02-17 11:00:01
  • Multiple Updates
2013-05-10 22:53:27
  • Multiple Updates