The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

PHP was updated to version 5.3.3 to fix serveral security issues.

(CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1866, CVE-2010-1914, CVE-2010-1915, CVE-2010-1917, CVE-2010-2093, CVE-2010-2094, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065)

From Red Hat Security Advisory 2010:0919 :

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer.
If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.
This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.
(CVE-2010-0397)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

An input validation flaw was discovered in the PHP session serializer.
If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.
This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.
(CVE-2010-0397)

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker could execute arbitrary code, obtain       sensitive information from process memory, bypass intended access       restrictions, or cause a Denial of Service in various ways.
    A remote attacker could cause a Denial of Service in various ways,       bypass spam detections, or bypass open_basedir restrictions.
  Workaround :

    There is no known workaround at this time.

Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.

  - CVE-2010-2531     An information leak was found in the var_export()     function.

  - CVE-2011-0421     The Zip module could crash.

  - CVE-2011-0708     An integer overflow was discovered in the Exif module.

  - CVE-2011-1466     An integer overflow was discovered in the Calendar     module.

  - CVE-2011-1471     The Zip module was prone to denial of service through     malformed archives.

  - CVE-2011-2202     Path names in form based file uploads (RFC 1867) were     incorrectly validated.

This update also fixes two bugs, which are not treated as security issues, but fixed nonetheless, see README.Debian.security for details on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153 ).

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 6.3.  Such versions are reportedly affected by the following vulnerabilities :

  - An error exists in the function 'fnmatch' in the     bundled version of PHP that can lead to stack     exhaustion. (CVE-2010-1917)

  - An information disclosure vulnerability exists in the     'var_export' function in the bundled version of PHP     that can be triggered when handling certain error     conditions. (CVE-2010-2531)

  - A double free vulnerability in the     'ssl3_get_key_exchange()' function in the third-party     OpenSSL library could be abused to crash the     application. (CVE-2010-2939)

  - A format string vulnerability in the phar extension     in the bundled version of PHP could lead to the     disclosure of memory contents and possibly allow     execution of arbitrary code via a specially crafted     'phar://' URI. (CVE-2010-2950)

  - A NULL pointer dereference in     'ZipArchive::getArchiveComment' included with the     bundled version of PHP can be abused to crash the     application. (CVE-2010-3709)

  - The bundled version of libxml2 may read from invalid     memory locations when processing malformed XPath     expressions, resulting in an application crash.
    (CVE-2010-4008)

  - An error in the 'mb_strcut()' function in the bundled     version of PHP can be exploited by passing a large     'length' parameter to disclose potentially sensitive     information from the heap. (CVE-2010-4156)

  - An as-yet unspecified remote code execution     vulnerability could allow an authenticated user to     execute arbitrary code with system privileges.
    (CVE-2011-1540)

  - An as-yet unspecified, unauthorized access vulnerability     could lead to a complete system compromise.
    (CVE-2011-1541)

PHP was updated to version 5.2.14 to fix serveral security issues :

  - CVE-2010-1860

  - CVE-2010-1862

  - CVE-2010-1864

  - CVE-2010-1914

  - CVE-2010-1915

  - CVE-2010-1917

  - CVE-2010-2093

  - CVE-2010-2094

  - CVE-2010-2097

  - CVE-2010-2100

  - CVE-2010-2101

  - CVE-2010-2190

  - CVE-2010-2191

  - CVE-2010-2225

  - CVE-2010-2484

  - CVE-2010-2531

  - CVE-2010-3062

  - CVE-2010-3063

  - CVE-2010-3064

  - CVE-2010-3065

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer.
If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default.
This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially crafted XML-RPC request.
(CVE-2010-0397)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities.  Mac OS X 10.6.5 contains security fixes for the following products :

  - AFP Server

  - Apache mod_perl

  - Apache

  - AppKit

  - ATS

  - CFNetwork

  - CoreGraphics

  - CoreText

  - CUPS

  - Directory Services

  - diskdev_cmds

Disk Images

  - Flash Player plug-in

  - gzip

  - Image Capture

  - ImageIO

  - Image RAW

  - Kernel

  - MySQL

  - neon

  - Networking

  - OpenLDAP

  - OpenSSL

  - Password Server

  - PHP

  - Printing

  - python

  - QuickLook

  - QuickTime

  - Safari RSS

  - Time Machine

  - Wiki Server

  - X11

  - xar

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. 

This security update contains fixes for the following products :

  - AFP Server
  - Apache mod_perl
  - ATS
  - CFNetwork
  - CoreGraphics
  - CoreText
  - CUPS
  - Directory Services
  - diskdev_cmds
  - Disk Images
  - Flash Player plug-in
  - gzip
  - ImageIO
  - Image RAW
  - MySQL
  - Password Server
  - PHP
  - Printing
  - python
  - QuickLook
  - Safari RSS
  - Wiki Server
  - X11

The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5.

Mac OS X 10.6.5 contains security fixes for the following products :

  - AFP Server
  - Apache mod_perl
  - Apache
  - AppKit
  - ATS
  - CFNetwork
  - CoreGraphics
  - CoreText
  - CUPS
  - Directory Services
  - diskdev_cmds
  - Disk Images
  - Flash Player plug-in
  - gzip
  - Image Capture
  - ImageIO
  - Image RAW
  - Kernel
  - MySQL
  - neon
  - Networking
  - OpenLDAP
  - OpenSSL
  - Password Server
  - PHP
  - Printing
  - python
  - QuickLook
  - QuickTime
  - Safari RSS
  - Time Machine
  - Wiki Server
  - X11
  - xar

PHP was updated to version 5.2.14 to fix several security issues :

- [CVE-2010-1860](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1860)

- [CVE-2010-1862](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1862)

- [CVE-2010-1864](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1864)

- [CVE-2010-1914](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1914)

- [CVE-2010-1915](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1915)

- [CVE-2010-1917](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-1917)

- [CVE-2010-2093](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2093)

- [CVE-2010-2094](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2094)

- [CVE-2010-2097](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2097)

- [CVE-2010-2100](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2100)

- [CVE-2010-2101](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2101)

- [CVE-2010-2190](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2190)

- [CVE-2010-2191](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2191)

- [CVE-2010-2225](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2225)

- [CVE-2010-2484](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2484)

- [CVE-2010-2531](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-2531)

- [CVE-2010-3062](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3062)

- [CVE-2010-3063](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3063)

- [CVE-2010-3064](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3064)

- [CVE-2010-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?nam e=CVE-2010-3065)

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)

It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1128)

It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-1129)

Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1130)

Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-1866)

Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges.
(CVE-2010-1868)

Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. (CVE-2010-1917)

Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-2094, CVE-2010-2950)

Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. (CVE-2010-2225)

It was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. A remote attacker could exploit this issue to possibly view sensitive information. (CVE-2010-2531)

Stefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables. (CVE-2010-3065).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-005 applied. 

This security update contains fixes for the following products :

  - ATS
  - CFNetwork
  - ClamAV
  - CoreGraphics
  - libsecurity
  - PHP
  - Samba

According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.3.  Such versions may be affected by several security issues :

  - An error exists when processing invalid XML-RPC     requests that can lead to a NULL pointer     dereference. (bug #51288) (CVE-2010-0397)

  - An error exists in the function 'shm_put_var' that     is related to resource destruction.

  - An error exists in the function 'fnmatch' that can lead     to stack exhaustion. (CVE-2010-1917)

  - A memory corruption error exists related to call-time     pass by reference and callbacks.

  - The dechunking filter is vulnerable to buffer overflow.

  - An error exists in the sqlite extension that could     allow arbitrary memory access.

  - An error exists in the 'phar' extension related to     string format validation.

  - The functions 'mysqlnd_list_fields' and     'mysqlnd_change_user' are vulnerable to buffer overflow.

  - The Mysqlnd extension is vulnerable to buffer overflow     attack when handling error packets.

  - The following functions are not properly protected     against function interruptions :

    addcslashes, chunk_split, html_entity_decode,     iconv_mime_decode, iconv_substr, iconv_mime_encode,     htmlentities, htmlspecialchars, str_getcsv,     http_build_query, strpbrk, strtr, str_pad,     str_word_count, wordwrap, strtok, setcookie,     strip_tags, trim, ltrim, rtrim, substr_replace,     parse_str, pack, unpack, uasort, preg_match, strrchr     (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,     CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,     CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)

  - The following opcodes are not properly protected     against function interruptions :

    ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW, XOR     (CVE-2010-2191)

  - The default session serializer contains an error     that can be exploited when assigning session     variables having user defined names. Arbitrary     serialized values can be injected into sessions by     including the PS_UNDEF_MARKER, '!', character in     variable names.

  - A use-after-free error exists in the function     'spl_object_storage_attach'. (CVE-2010-2225)

  - An information disclosure vulnerability exists in the     function 'var_export' when handling certain error     conditions. (CVE-2010-2531)

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14.  Such versions may be affected by several security issues :

  - An error exists when processing invalid XML-RPC     requests that can lead to a NULL pointer     dereference. (bug #51288) (CVE-2010-0397)

  - An error exists in the function 'fnmatch' that can lead     to stack exhaustion.

  - An error exists in the sqlite extension that could     allow arbitrary memory access.

  - A memory corruption error exists in the function     'substr_replace'.

  - The following functions are not properly protected     against function interruptions :

    addcslashes, chunk_split, html_entity_decode,     iconv_mime_decode, iconv_substr, iconv_mime_encode,     htmlentities, htmlspecialchars, str_getcsv,     http_build_query, strpbrk, strstr, str_pad,     str_word_count, wordwrap, strtok, setcookie,     strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack,     uasort, preg_match, strrchr, strchr, substr, str_repeat     (CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,     CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,     CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)

  - The following opcodes are not properly protected     against function interruptions :

    ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW     (CVE-2010-2191)

  - The default session serializer contains an error     that can be exploited when assigning session     variables having user defined names. Arbitrary     serialized values can be injected into sessions by     including the PS_UNDEF_MARKER, '!', character in     variable names.

  - A use-after-free error exists in the function     'spl_object_storage_attach'. (CVE-2010-2225)

  - An information disclosure vulnerability exists in the     function 'var_export' when handling certain error     conditions. (CVE-2010-2531)

This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.3 :

  - Rewrote var_export() to use smart_str rather than output     buffering, prevents data disclosure if a fatal error     occurs (CVE-2010-2531).

  - Fixed a possible resource destruction issues in     shm_put_var().

    - Fixed a possible information leak because of       interruption of XOR operator.

  - Fixed a possible memory corruption because of unexpected     call-time pass by refernce and following memory     clobbering through callbacks.

  - Fixed a possible memory corruption in     ArrayObject::uasort().

    - Fixed a possible memory corruption in parse_str().

    - Fixed a possible memory corruption in pack().

    - Fixed a possible memory corruption in       substr_replace().

    - Fixed a possible memory corruption in addcslashes().

    - Fixed a possible stack exhaustion inside fnmatch().

    - Fixed a possible dechunking filter buffer overflow.

    - Fixed a possible arbitrary memory access inside sqlite       extension.

    - Fixed string format validation inside phar extension.

    - Fixed handling of session variable serialization on       certain prefix characters.

  - Fixed a NULL pointer dereference when processing invalid     XML-RPC requests (Fixes CVE-2010-0397, bug #51288).

  - Fixed SplObjectStorage unserialization problems     (CVE-2010-2225).

    - Fixed possible buffer overflows in       mysqlnd_list_fields, mysqlnd_change_user.

  - Fixed possible buffer overflows when handling error     packets in mysqlnd.

Additionally some of the third-party extensions and required dependencies has been upgraded and/or rebuilt for the new php version.

This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1.

Security Enhancements and Fixes in PHP 5.2.14 :

  - Rewrote var_export() to use smart_str rather than output     buffering, prevents data disclosure if a fatal error     occurs (CVE-2010-2531).

  - Fixed a possible interruption array leak in     strrchr().(CVE-2010-2484)

  - Fixed a possible interruption array leak in strchr(),     strstr(), substr(), chunk_split(), strtok(),     addcslashes(), str_repeat(), trim().

  - Fixed a possible memory corruption in substr_replace().

    - Fixed SplObjectStorage unserialization problems       (CVE-2010-2225).

    - Fixed a possible stack exaustion inside fnmatch().

    - Fixed a NULL pointer dereference when processing       invalid XML-RPC requests (Fixes CVE-2010-0397, bug       #51288).

  - Fixed handling of session variable serialization on     certain prefix characters.

  - Fixed a possible arbitrary memory access inside sqlite     extension. Reported by Mateusz Kocielski.

Additionally some of the third-party extensions has been upgraded and/or rebuilt for the new php version.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90

According to its banner the version of PHP installed on the remote host is earlier than 5.3.3 / 5.2.14.  Such version are potentially affected by multiple vulnerabilities :

  - An information disclosure vulnerability in var_export() when a fatal error occurs.

  - A resource destruction issue in shm_put_var().

  - A possible information leak because of an interruption of XOR operator.

  - A memory corruption issue caused by an unexpected call-time pass by reference and the following memory clobbering through callbacks.

  - A memory corruption issue in ArrayObject::uasort().

  - A memory corruption issue in parse_str().

  - A memory corruption issue in pack().

  - A memory corruption issue in substr_replace().

  - A memory corruption issue in addcslashes().

  - A stack exhaustion issue in fnmatch().

  - A buffer overflow vulnerability in the dechunking filter.

  - An arbitrary memory access issue in the sqlite extension.

  - A string format validation issue in the phar extension.

  - An unspecified issue relating to the handling of session variable serialization on certain prefix characters.

  - A NULL pointer dereference issue when processing invalid XML-RPC requests.

  - An unserialization issue in SplObjectStorage.

  - Buffer overflow vulnerabilities in mysqlnd_list_fields and mysqlnd_change_user.

  - Buffer overflows when handling error packets in mysqlnd.

Versions of PHP prior to 5.2.14, or 5.3.x prior to 5.3.3 are affected by the following vulnerabilities :

 - An information disclosure vulnerability in 'var_export()' when a fatal error occurs.
 - A resource destruction issue in 'shm_put_var()'.
 - A possible information leak because of an interruption of XOR operator.
 - A memory corruption issue caused by an unexpected call-time pass by reference and the following memory clobbering through callbacks.
 - A memory corruption issue in 'ArrayObject::uasort()'.
 - A memory corruption issue in 'parse_str()'.
 - A memory corruption issue in 'pack()'.
 - A memory corruption issue in 'substr_replace()'.
 - A memory corruption issue in 'addcslashes()'.
 - A stack exhaustion issue in 'fnmatch()'.
 - A buffer overflow vulnerability in the dechunking filter.
 - An arbitrary memory access issue in the sqlite extension.
 - A string format validation issue in the phar extension.
 - An unspecified issue relating to the handling of session variable serialization on certain prefix characters.
 - A NULL pointer dereference issue when processing invalid XML-RPC requests.
 - An unserialization issue in 'SplObjectStorage'.
 - Buffer overflow vulnerabilities in 'mysqlnd_list_fields' and 'mysqlnd_change_user'.
 - Buffer overflows when handling error packets in mysqlnd.
 - A flaw affects 'sqlite_single_query()' and 'sqlite_array_query()' methods included in the 'ext/sqlite/sqlite.c' source file. Specifically, the 'rres' resource is not properly initialized before use which may trigger a double-free condition when an empty query is passed to the 'real_result_dtor()' function.

ID	Name	Product	Family	Severity
75429	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)	Nessus	SuSE Local Security Checks	high
68150	Oracle Linux 4 / 5 : php (ELSA-2010-0919)	Nessus	Oracle Linux Local Security Checks	medium
60908	Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
56459	GLSA-201110-06 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
55486	Debian DSA-2266-1 : php5 - several vulnerabilities	Nessus	Debian Local Security Checks	high
53532	HP System Management Homepage < 6.3 Multiple Vulnerabilities	Nessus	Web Servers	critical
50890	SuSE 11 / 11.1 Security Update : Apache 2 (SAT Patch Numbers 2880 / 2881)	Nessus	SuSE Local Security Checks	high
50862	CentOS 4 / 5 : php (CESA-2010:0919)	Nessus	CentOS Local Security Checks	medium
50841	RHEL 4 / 5 : php (RHSA-2010:0919)	Nessus	Red Hat Local Security Checks	medium
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	critical
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
49830	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)	Nessus	SuSE Local Security Checks	high
49752	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0678-1)	Nessus	SuSE Local Security Checks	high
49306	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)	Nessus	Ubuntu Local Security Checks	high
49210	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0599-1)	Nessus	SuSE Local Security Checks	high
48424	Mac OS X Multiple Vulnerabilities (Security Update 2010-005)	Nessus	MacOS X Local Security Checks	high
48245	PHP 5.3 < 5.3.3 Multiple Vulnerabilities	Nessus	CGI abuses	high
48244	PHP 5.2 < 5.2.14 Multiple Vulnerabilities	Nessus	CGI abuses	high
48198	Mandriva Linux Security Advisory : php (MDVSA-2010:140)	Nessus	Mandriva Local Security Checks	high
48197	Mandriva Linux Security Advisory : php (MDVSA-2010:139)	Nessus	Mandriva Local Security Checks	high
801070	PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	high
5616	PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high

Detections

Analytics

CVE-2010-2531

high

Tenable Plugins

high

medium

medium

critical

high

critical

high

medium

medium

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high