Executive Summary

Summary
Title php security update
Informations
Name RHSA-2014:0311 First vendor Publication 2014-03-18
Vendor RedHat Last vendor Modification 2014-03-18
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689)

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

539784 - CVE-2009-0689 array index error in dtoa implementation of many products 662707 - CVE-2006-7243 php: paths with NULL character were considered valid 1057555 - CVE-2009-0689 php: heap overflow in floating point parsing

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0311.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12569
 
Oval ID: oval:org.mitre.oval:def:12569
Title: NULL byte injection vulnerability in PHP before 5.3.4
Description: PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Family: windows Class: vulnerability
Reference(s): CVE-2006-7243
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12913
 
Oval ID: oval:org.mitre.oval:def:12913
Title: DSA-1998-1 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4. For the unstable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-3. We recommend that you upgrade your kdelibs packages.
Family: unix Class: patch
Reference(s): DSA-1998-1
CVE-2009-0689
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13490
 
Oval ID: oval:org.mitre.oval:def:13490
Title: USN-871-1 -- kdelibs vulnerability
Description: A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.
Family: unix Class: patch
Reference(s): USN-871-1
CVE-2009-0689
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19494
 
Oval ID: oval:org.mitre.oval:def:19494
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Description: PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Family: unix Class: vulnerability
Reference(s): CVE-2006-7243
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22669
 
Oval ID: oval:org.mitre.oval:def:22669
Title: ELSA-2009:1601: kdelibs security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2009:1601-01
CVE-2009-0689
Version: 6
Platform(s): Oracle Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23947
 
Oval ID: oval:org.mitre.oval:def:23947
Title: ELSA-2014:0311: php security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2014:0311-00
CVE-2006-7243
CVE-2009-0689
Version: 7
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24079
 
Oval ID: oval:org.mitre.oval:def:24079
Title: RHSA-2014:0311: php security update (Critical)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0311-00
CESA-2014:0311
CVE-2006-7243
CVE-2009-0689
Version: 11
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25660
 
Oval ID: oval:org.mitre.oval:def:25660
Title: SUSE-SU-2013:1828-1 -- Security update for ruby
Description: The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1828-1
CVE-2013-4164
CVE-2009-0689
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27015
 
Oval ID: oval:org.mitre.oval:def:27015
Title: DEPRECATED: ELSA-2014-0311 -- php security update (critical)
Description: [5.1.6-44] - add security fixes for CVE-2006-7243, CVE-2009-0689
Family: unix Class: patch
Reference(s): ELSA-2014-0311
CVE-2009-0689
CVE-2006-7243
Version: 4
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29365
 
Oval ID: oval:org.mitre.oval:def:29365
Title: RHSA-2009:1601 -- kdelibs security update (Critical)
Description: Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689)
Family: unix Class: patch
Reference(s): RHSA-2009:1601
CESA-2009:1601-CentOS 5
CVE-2009-0689
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6528
 
Oval ID: oval:org.mitre.oval:def:6528
Title: Mozilla Firefox Floating Point Memory Allocation Vulnerability
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0689
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6826
 
Oval ID: oval:org.mitre.oval:def:6826
Title: DSA-1998 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1998
CVE-2009-0689
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9541
 
Oval ID: oval:org.mitre.oval:def:9541
Title: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0689
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 18
Application 1
Application 364
Os 10
Os 1
Os 1

ExploitDB Exploits

id Description
2009-12-11 Sunbird 0.9 Array Overrun (code execution) 0day
2009-11-19 Opera 10.01 Remote Array Overrun
2009-11-19 K-Meleon 1.5.3 Remote Array Overrun
2009-11-19 SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19 KDE KDELibs 4.3.3 Remote Array Overrun

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.3.4
File : nvt/nopsec_php_5_3_4.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kdelibs CESA-2009:1601 centos5 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kdelibs CESA-2009:1601 centos4 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1530 centos4 i386
File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-02-01 Name : PHP Multiple Security Bypass Vulnerabilities
File : nvt/gb_php_mult_sec_bypass_vuln.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php59.nasl
2011-01-24 Name : FreeBSD Ports: php5
File : nvt/freebsd_php57.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php_fc14.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php_fc13.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl
2010-12-28 Name : Mandriva Update for php MDVSA-2010:254 (php)
File : nvt/gb_mandriva_MDVSA_2010_254.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-29 Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-03-30 Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22 Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2010-03-22 Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-02-25 Name : Debian Security Advisory DSA 1998-1 (kdelibs)
File : nvt/deb_1998_1.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_028.nasl
2009-12-14 Name : SLES11: Security update for kdelibs3
File : nvt/sles11_kdelibs3.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
File : nvt/mdksa_2009_330.nasl
2009-12-10 Name : FreeBSD Ports: opera
File : nvt/freebsd_opera19.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox)
File : nvt/mdksa_2009_290_1.nasl
2009-12-03 Name : RedHat Security Advisory RHSA-2009:1601
File : nvt/RHSA_2009_1601.nasl
2009-11-23 Name : Ubuntu USN-853-1 (xulrunner-1.9.1)
File : nvt/ubuntu_853_1.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-11-11 Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)
File : nvt/suse_sa_2009_052.nasl
2009-11-11 Name : SLES10: Security update for Mozilla XULRunner
File : nvt/sles10_mozilla-xulrunn0.nasl
2009-11-11 Name : SLES11: Security update for Mozilla XULRunner
File : nvt/sles11_mozilla-xulrunn1.nasl
2009-11-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox7.nasl
2009-11-11 Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-nspr.nasl
2009-11-11 Name : SLES10: Security update for mozilla-nspr
File : nvt/sles10_mozilla-nspr0.nasl
2009-11-11 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_MozillaFirefox7.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1531
File : nvt/RHSA_2009_1531.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1531 (seamonkey)
File : nvt/ovcesa2009_1531.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1530 (firefox)
File : nvt/ovcesa2009_1530.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:290 (firefox)
File : nvt/mdksa_2009_290.nasl
2009-11-11 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox42.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10981 (blam)
File : nvt/fcore_2009_10981.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10878 (chmsee)
File : nvt/fcore_2009_10878.nasl
2009-11-11 Name : Debian Security Advisory DSA 1931-1 (nspr)
File : nvt/deb_1931_1.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1530
File : nvt/RHSA_2009_1530.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_firefox_mult_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70606 PHP Pathname \0 Character file_exists Function Access Restriction Bypass

PHP contains a flaw related to the accepting of the \0 character in a pathname. This may allow a context-dependent attacker to bypass access restrictions by combining this character with a safe file extension, such as .php\0.jpg.
63646 J Programming Language libc dtoa Implementation Floating Point Parsing Memory...

63641 Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption

63639 Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption

62402 K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption

61189 Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup...

61188 Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption

61187 KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption

61186 Opera libc dtoa Implementation Floating Point Parsing Memory Corruption

61091 Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...

55603 libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla products floating point buffer overflow attempt
RuleID : 21155 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products floating point buffer overflow attempt
RuleID : 21154 - Revision : 6 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2018-11-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-1564.nasl - Type : ACT_GATHER_INFO
2016-12-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2958-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6dec4e6d5f.nasl - Type : ACT_GATHER_INFO
2016-03-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-444.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0257-1.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16993.nasl - Type : ACT_GATHER_INFO
2016-01-04 Name : The remote Debian host is missing a security update.
File : debian_DLA-376.nasl - Type : ACT_GATHER_INFO
2016-01-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4b3a7e70afce11e5b86414dae9d210b8.nasl - Type : ACT_GATHER_INFO
2015-09-08 Name : The remote Debian host is missing a security update.
File : debian_DLA-307.nasl - Type : ACT_GATHER_INFO
2015-08-20 Name : The remote application is affected by multiple vulnerabilities.
File : securitycenter_php_5_4_41.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-162-02.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8370.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8383.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8281.nasl - Type : ACT_GATHER_INFO
2015-05-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_31de2e1300d211e5a072d050996490d0.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_41.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_25.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_6_9.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0312.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-03-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140318_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2013-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-131125.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091124_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-2.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3761df020f9c11e0becc0022156e8794.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_4.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6692.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1998.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs4-100107.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12563.nasl - Type : ACT_GATHER_INFO
2009-12-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-871-1.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kdelibs3-091204.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6691.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_6431c4dbdeb411de90780030843d3802.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote host contains a web browser that is affected by multiple issues.
File : opera_1010.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO
2009-11-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote host contains a web browser that is affected by a buffer overflow ...
File : google_chrome_3_0_195_24.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-03-20 13:21:41
  • Multiple Updates
2014-03-19 00:18:30
  • First insertion