Executive Summary
Summary | |
---|---|
Title | php53 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0196 | First vendor Publication | 2011-02-03 |
Vendor | RedHat | Last vendor Modification | 2011-02-03 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only affected i386 systems. (CVE-2010-4645) A stack memory exhaustion flaw was found in the way the PHP filter_var() function validated email addresses. An attacker could use this flaw to crash the PHP interpreter by providing excessively long input to be validated as an email address. (CVE-2010-3710) A memory disclosure flaw was found in the PHP multi-byte string extension. If the mb_strcut() function was called with a length argument exceeding the input string size, the function could disclose a portion of the PHP interpreter's memory. (CVE-2010-4156) All php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 646684 - CVE-2010-3710 php: DoS in filter_var() via long email string 651682 - CVE-2010-4156 php information disclosure via mb_strcut() 667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0196.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for php53 CESA-2011:0196 centos5 x86_64 File : nvt/gb_CESA-2011_0196_php53_centos5_x86_64.nasl |
2012-06-21 | Name : PHP version smaller than 5.3.4 File : nvt/nopsec_php_5_3_4.nasl |
2012-06-05 | Name : RedHat Update for php RHSA-2011:0195-01 File : nvt/gb_RHSA-2011_0195-01_php.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-08-09 | Name : CentOS Update for php53 CESA-2011:0196 centos5 i386 File : nvt/gb_CESA-2011_0196_php53_centos5_i386.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2195-1 (php5) File : nvt/deb_2195_1.nasl |
2011-02-04 | Name : RedHat Update for php53 RHSA-2011:0196-01 File : nvt/gb_RHSA-2011_0196-01_php53.nasl |
2011-01-24 | Name : FreeBSD Ports: php5-filter File : nvt/freebsd_php5-filter.nasl |
2011-01-24 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php58.nasl |
2011-01-24 | Name : Fedora Update for php FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_php_fc14.nasl |
2011-01-24 | Name : Fedora Update for maniadrive-data FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_maniadrive-data_fc13.nasl |
2011-01-24 | Name : Fedora Update for maniadrive FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_maniadrive_fc13.nasl |
2011-01-24 | Name : Fedora Update for php-eaccelerator FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_php-eaccelerator_fc13.nasl |
2011-01-24 | Name : Fedora Update for php FEDORA-2011-0321 File : nvt/gb_fedora_2011_0321_php_fc13.nasl |
2011-01-24 | Name : Fedora Update for maniadrive-data FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_maniadrive-data_fc14.nasl |
2011-01-24 | Name : Fedora Update for maniadrive FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_maniadrive_fc14.nasl |
2011-01-24 | Name : Fedora Update for php-eaccelerator FEDORA-2011-0329 File : nvt/gb_fedora_2011_0329_php-eaccelerator_fc14.nasl |
2011-01-14 | Name : Ubuntu Update for php5 vulnerabilities USN-1042-1 File : nvt/gb_ubuntu_USN_1042_1.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php_fc13.nasl |
2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl |
2011-01-11 | Name : Fedora Update for php FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php_fc14.nasl |
2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl |
2011-01-10 | Name : PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerabi... File : nvt/gb_php_45668.nasl |
2010-12-28 | Name : Mandriva Update for php MDVSA-2010:254 (php) File : nvt/gb_mandriva_MDVSA_2010_254.nasl |
2010-11-23 | Name : PHP 'filter_var()' function Stack Consumption Vulnerability File : nvt/gb_php_stack_consumption_vuln.nasl |
2010-11-16 | Name : Mandriva Update for php MDVSA-2010:218 (php) File : nvt/gb_mandriva_MDVSA_2010_218.nasl |
2010-11-16 | Name : Mandriva Update for libmbfl MDVSA-2010:225 (libmbfl) File : nvt/gb_mandriva_MDVSA_2010_225.nasl |
2010-11-16 | Name : Mandriva Update for libmbfl MDVSA-2010:225-1 (libmbfl) File : nvt/gb_mandriva_MDVSA_2010_225_1.nasl |
2010-11-09 | Name : PHP 'mb_strcut()' Function Information Disclosure Vulnerability File : nvt/gb_php_44727.nasl |
2010-10-01 | Name : PHP 'phar_stream_flush' Format String Vulnerability File : nvt/secpod_php_format_string_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-010-01 php File : nvt/esoft_slk_ssa_2011_010_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70370 | PHP strtod.c zend_strtod Function x87 FPU Register DoS PHP contains a flaw in strtod.c, as used in the function 'zend_strtod' that may allow a context-dependent denial of service. This may allow an attacker to cause an infinite loop denial of service via a certain floating-point value in scientific notation, which x87 FPU registers fail to handle properly. |
69099 | PHP ext/mbstring/libmbfl/mbfl/mbfilter.c mb_strcut() Function length Paramete... PHP contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered due to an error in 'mbfl_strcut()' in 'ext/mbstring/libmbfl/mbfl/mbfilter.c', which may be exploited by passing a large 'length' parameter to the 'mb_strcut' function, which will disclose potentially sensitive information to a remote attacker. |
68597 | PHP ext/filter/logical_filters.c php_filter_validate_email() Function Overflo... PHP is prone to an overflow condition. The 'php_filter_validate_email()' function in 'ext/filter/logical_filters.c' fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted overly long e-mail address string, a remote attacker can potentially cause a denial of service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL12650.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-7393.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO |
2011-04-22 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-110310.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2195.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0195.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-0329.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-0321.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c623f05810e711e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO |
2011-01-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-010-01.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2b6ed5c71a7f11e0b61d000c29d1636d.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote web server uses a version of PHP that is affected by a denial of s... File : php_5_3_5.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO |
2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_3_4.nasl - Type : ACT_GATHER_INFO |
2010-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO |
2010-12-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-7221.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-225.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-218.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-08-23 09:26:29 |
|
2016-08-20 12:08:31 |
|
2016-06-28 20:10:06 |
|
2016-04-26 23:29:58 |
|
2014-02-17 11:54:18 |
|