PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 5616 (severity: high)

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP prior to 5.2.14, or 5.3.x prior to 5.3.3, are affected by the following vulnerabilities:

- An information disclosure vulnerability in 'var_export()' when a fatal error occurs.
- A resource destruction issue in 'shm_put_var()'.
- A possible information leak caused by interruption of the XOR operator.
- A memory corruption issue caused by an unexpected call-time pass by reference and subsequent memory clobbering through callbacks.
- A memory corruption issue in 'ArrayObject::uasort()'.
- A memory corruption issue in 'parse_str()'.
- A memory corruption issue in 'pack()'.
- A memory corruption issue in 'substr_replace()'.
- A memory corruption issue in 'addcslashes()'.
- A stack exhaustion issue in 'fnmatch()'.
- A buffer overflow vulnerability in the dechunking filter.
- An arbitrary memory access issue in the sqlite extension.
- A string format validation issue in the phar extension.
- An unspecified issue relating to the handling of session variable serialization on certain prefix characters.
- A NULL pointer dereference issue when processing invalid XML-RPC requests.
- An unserialization issue in 'SplObjectStorage'.
- Buffer overflow vulnerabilities in 'mysqlnd_list_fields' and 'mysqlnd_change_user'.
- Buffer overflows when handling error packets in mysqlnd.
- A flaw affecting the 'sqlite_single_query()' and 'sqlite_array_query()' methods in the 'ext/sqlite/sqlite.c' source file. Specifically, the 'rres' resource is not properly initialized before use, which may trigger a double-free condition when an empty query is passed to the 'real_result_dtor()' function.

Solution

Upgrade to PHP version 5.2.14, 5.3.3, or later.
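The affected range stated above can be checked against HTTP response banners during an inventory. The following Python sketch is an added example, not the plugin's or Tenable's detection logic; the function names are hypothetical and the header samples are constructed. It assumes the banner carries the upstream version string; distribution packages that backport fixes keep an older version number, so an "affected" result should be confirmed against the package changelog.

```python
import re

# Fixed releases named in the advisory.
FIXED_52 = (5, 2, 14)
FIXED_53 = (5, 3, 3)

# Matches "PHP/5.3.2", "PHP/5.2.13-pl1", "PHP/5.3.2-1ubuntu4" inside a header value.
_PHP_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def php_version_from_headers(headers):
    """Return (major, minor, patch) from X-Powered-By or Server, else None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        m = _PHP_RE.search(lowered.get(name, ""))
        if m:
            return tuple(int(g) for g in m.groups())
    return None


def is_affected(version):
    """True if version is prior to 5.2.14, or is 5.3.x prior to 5.3.3."""
    if version[:2] == (5, 3):
        return version < FIXED_53
    return version < FIXED_52


def assess(headers):
    """Classify a response as 'affected', 'not affected', or 'unknown'."""
    version = php_version_from_headers(headers)
    if version is None:
        return "unknown"  # expose_php off or banner stripped: no verdict
    return "affected" if is_affected(version) else "not affected"


# Constructed sample responses (not captured from real hosts).
SAMPLES = [
    {"Server": "Apache/2.2.14 (Ubuntu)", "X-Powered-By": "PHP/5.3.2-1ubuntu4"},
    {"Server": "Apache/2.2.3 (CentOS) PHP/5.2.13"},
    {"X-Powered-By": "PHP/5.3.3"},
    {"X-Powered-By": "PHP/5.2.14"},
    {"X-Powered-By": "PHP/5.4.0"},
    {"Server": "nginx"},
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(assess(h), h)
```

A missing banner yields "unknown" rather than "not affected", since hiding the version does not change what is installed.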

See Also

http://www.php.net/releases/5_3_3.php

http://www.php.net/releases/5_2_14.php

http://www.php.net/ChangeLog-5.php#5.3.3

http://www.php.net/ChangeLog-5.php#5.2.14

http://seclists.org/fulldisclosure/2011/Oct/483

Plugin Details

Severity: High

ID: 5616

Family: Web Servers

Published: 7/27/2010

Updated: 3/6/2019

Nessus ID: 48244, 48245

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 7/22/2010

Vulnerability Publication Date: 7/22/2010

Reference Information

CVE: CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1868, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531

BID: 38708, 41991, 40013, 40948, 78962