Vulnerabilities > CVE-2012-0830 - Resource Management Errors vulnerability in PHP 5.3.9

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php
CWE-399
nessus
exploit available

Summary

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Vulnerable Configurations

Part Description Count
Application
Php
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPHP 5.4.0RC6 (64-bit) - Denial of Service. CVE-2012-0830. Dos exploit for php platform
idEDB-ID:18460
last seen2016-02-02
modified2012-02-04
published2012-02-04
reporterStefan Esser
sourcehttps://www.exploit-db.com/download/18460/
titlePHP 5.4.0RC6 64-bit - Denial of Service

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2012-041-02.NASL
    descriptionNew php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57893
    published2012-02-13
    reporterThis script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57893
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-041-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2012-041-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57893);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2013/06/01 00:44:11 $");
    
      script_cve_id("CVE-2012-0830");
      script_bugtraq_id(51830);
      script_xref(name:"SSA", value:"2012-041-02");
    
      script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-041-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0,
    13.1, 13.37, and -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.480146
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?de386a0e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"12.0", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;
    
    if (slackware_check(osver:"12.1", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;
    
    if (slackware_check(osver:"12.2", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++;
    
    if (slackware_check(osver:"13.0", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"php", pkgver:"5.3.10", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;
    
    if (slackware_check(osver:"13.1", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
    if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"php", pkgver:"5.3.10", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;
    
    if (slackware_check(osver:"13.37", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"php", pkgver:"5.3.10", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.3.10", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.3.10", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7.
    last seen2020-06-01
    modified2020-06-02
    plugin id59066
    published2012-05-10
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59066
    titleMac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);    # Avoid problems with large number of xrefs.
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(59066);
      script_version("1.27");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id(
        "CVE-2011-1004",
        "CVE-2011-1005",
        "CVE-2011-1777",
        "CVE-2011-1778",
        "CVE-2011-1944",
        "CVE-2011-2821",
        "CVE-2011-2834",
        "CVE-2011-2895",
        "CVE-2011-3212",
        "CVE-2011-3389",
        "CVE-2011-3919",
        "CVE-2011-4566",
        "CVE-2011-4815",
        "CVE-2011-4885",
        "CVE-2012-0036",
        "CVE-2012-0642",
        "CVE-2012-0649",
        "CVE-2012-0652",
        "CVE-2012-0654",
        "CVE-2012-0655",
        "CVE-2012-0656",
        "CVE-2012-0657",
        "CVE-2012-0658",
        "CVE-2012-0659",
        "CVE-2012-0660",
        "CVE-2012-0661",
        "CVE-2012-0662",
        "CVE-2012-0675",
        "CVE-2012-0830"
      );
      script_bugtraq_id(
        46458,
        46460,
        47737,
        48056,
        49124,
        49279,
        49658,
        49778,
        50907,
        51193,
        51198,
        51300,
        51665,
        51830,
        52364,
        53456,
        53457,
        53459,
        53462,
        53465,
        53466,
        53467,
        53468,
        53469,
        53470,
        53471,
        53473
      );
      script_xref(name:"TRA", value:"TRA-2012-02");
      script_xref(name:"CERT", value:"864643");
      script_xref(name:"ZDI", value:"ZDI-12-135");
    
      script_name(english:"Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)");
      script_summary(english:"Check the version of Mac OS X.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes several
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.7.x that is prior
    to 10.7.4. The newer version contains numerous security-related fixes
    for the following components :
    
      - Login Window
      - Bluetooth
      - curl
      - HFS
      - Kernel
      - libarchive
      - libsecurity
      - libxml
      - LoginUIFramework
      - PHP
      - Quartz Composer
      - QuickTime
      - Ruby
      - Security Framework
      - Time Machine
      - X11
    
    Note that this update addresses the recent FileVault password
    vulnerability, in which user passwords are stored in plaintext to a
    system-wide debug log if the legacy version of FileVault is used to
    encrypt user directories after a system upgrade to Lion. Since the
    patch only limits further exposure, though, we recommend that all
    users on the system change their passwords if user folders were
    encrypted using the legacy version of FileVault prior to and after an
    upgrade to OS X 10.7."
      );
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-02");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5281");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-135");
      script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2012/Aug/64");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Mac OS X 10.7.4 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/10");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
     
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
      exit(0);
    }
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item("Host/OS");
      if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
      if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    
    
    if (ereg(pattern:"Mac OS X 10\.7($|\.[0-3]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120202_PHP_ON_SL4_X.NASL
    descriptionPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via previous php packages) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61238
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61238
    titleScientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2403.NASL
    descriptionStefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
    last seen2020-03-17
    modified2012-02-03
    plugin id57814
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57814
    titleDebian DSA-2403-2 : php5 - code injection
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-065.NASL
    descriptionMultiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages has been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions has been upgraded to their latest respective versions which resolves various upstream bugs.
    last seen2020-06-01
    modified2020-06-02
    plugin id58890
    published2012-04-27
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58890
    titleMandriva Linux Security Advisory : php (MDVSA-2012:065)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0092.NASL
    descriptionFrom Red Hat Security Advisory 2012:0092 : Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68448
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68448
    titleOracle Linux 5 : php53 (ELSA-2012-0092)
  • NASL familyCGI abuses
    NASL idPHP_5_3_10.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is 5.3.9. This version reportedly is affected by a code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) itself has introduced a remote code execution vulnerability in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id57825
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57825
    titlePHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-8009.NASL
    descriptionThis update of php5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in php5
    last seen2020-06-05
    modified2012-03-26
    plugin id58480
    published2012-03-26
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58480
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)
  • NASL familyWeb Servers
    NASL idHPSMH_7_1_1_1.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id59851
    published2012-07-05
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59851
    titleHP System Management Homepage < 7.1.1 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1358-1.NASL
    descriptionIt was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a
    last seen2020-06-01
    modified2020-06-02
    plugin id57888
    published2012-02-10
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57888
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0093.NASL
    descriptionUpdated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id57808
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57808
    titleCentOS 4 / 5 / 6 : php (CESA-2012:0093)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0092.NASL
    descriptionUpdated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-04-16
    modified2012-02-03
    plugin id57820
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57820
    titleRHEL 5 : php53 (RHSA-2012:0092)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0092.NASL
    descriptionUpdated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id57807
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57807
    titleCentOS 5 : php53 (CESA-2012:0092)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120202_PHP53_ON_SL5_X.NASL
    descriptionPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via in a previous update for php53) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61237
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61237
    titleScientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120202)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1358-2.NASL
    descriptionUSN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. We apologize for the inconvenience. It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a
    last seen2020-06-01
    modified2020-06-02
    plugin id57932
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57932
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201209-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62236
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62236
    titleGLSA-201209-03 : PHP: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-182.NASL
    descriptionphp5 security update
    last seen2020-06-05
    modified2014-06-13
    plugin id74580
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74580
    titleopenSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0093.NASL
    descriptionFrom Red Hat Security Advisory 2012:0093 : Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68449
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68449
    titleOracle Linux 4 / 5 / 6 : php (ELSA-2012-0093)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP5-120309.NASL
    descriptionThis update of php5 fixes multiple security flaws : - A php5 upload filename injection was fixed. (CVE-2011-2202) - A integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566) - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182) - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466) - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. (CVE-2011-1072) - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831) Also the following bugs have been fixed : - allow uploading files bigger than 2GB for 64bit systems [bnc#709549] - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]
    last seen2020-06-05
    modified2012-04-13
    plugin id58740
    published2012-04-13
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58740
    titleSuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1262.NASL
    descriptionThis update has the latest release of PHP, 5.3.10, which fixes a security issue. A previous security fix introduced in PHP 5.3.9 allowed a remote user to crash the PHP interpreter, or possibly execute arbitrary code. (CVE-2012-0830) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-09
    plugin id57869
    published2012-02-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57869
    titleFedora 16 : maniadrive-1.2-32.fc16.2 / php-5.3.10-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.2 (2012-1262)
  • NASL familyCGI abuses
    NASL idPHP_5_3_9_ACE.NASL
    descriptionThe remote host is running a version of PHP that is affected by an arbitrary code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) introduces a remote code execution vulnerability in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id58039
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58039
    titlePHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0093.NASL
    descriptionUpdated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen2020-04-16
    modified2012-02-03
    plugin id57821
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57821
    titleRHEL 4 / 5 / 6 : php (RHSA-2012:0093)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3FD040BE4F0B11E19E320025900931F8.NASL
    descriptionSecunia reports : A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the
    last seen2020-06-01
    modified2020-06-02
    plugin id57830
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57830
    titleFreeBSD : php -- arbitrary remote code execution vulnerability (3fd040be-4f0b-11e1-9e32-0025900931f8)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-41.NASL
    descriptionIt was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id69648
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69648
    titleAmazon Linux AMI : php (ALAS-2012-41)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL13519.NASL
    descriptionPHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. CVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
    last seen2020-06-01
    modified2020-06-02
    plugin id78134
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78134
    titleF5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1301.NASL
    descriptionThis update contains the latest release of PHP, 5.3.10, which fixes a security issue. A security fix introduced in PHP 5.3.9 allowed a remote user to crash the PHP interpreter, or possibly, execute arbitrary code. (CVE-2012-0830) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-15
    plugin id57954
    published2012-02-15
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57954
    titleFedora 15 : maniadrive-1.2-32.fc15.2 / php-5.3.10-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.2 (2012-1301)

Redhat

advisories
  • bugzilla
    id786686
    titleCVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentphp53-mbstring is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092001
          • commentphp53-mbstring is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196040
        • AND
          • commentphp53-cli is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092003
          • commentphp53-cli is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196032
        • AND
          • commentphp53-pgsql is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092005
          • commentphp53-pgsql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196024
        • AND
          • commentphp53-pspell is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092007
          • commentphp53-pspell is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196038
        • AND
          • commentphp53-xmlrpc is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092009
          • commentphp53-xmlrpc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196034
        • AND
          • commentphp53-pdo is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092011
          • commentphp53-pdo is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196036
        • AND
          • commentphp53-dba is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092013
          • commentphp53-dba is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196002
        • AND
          • commentphp53-process is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092015
          • commentphp53-process is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196012
        • AND
          • commentphp53 is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092017
          • commentphp53 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196006
        • AND
          • commentphp53-devel is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092019
          • commentphp53-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196004
        • AND
          • commentphp53-odbc is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092021
          • commentphp53-odbc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196042
        • AND
          • commentphp53-mysql is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092023
          • commentphp53-mysql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196008
        • AND
          • commentphp53-imap is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092025
          • commentphp53-imap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196016
        • AND
          • commentphp53-common is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092027
          • commentphp53-common is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196018
        • AND
          • commentphp53-ldap is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092029
          • commentphp53-ldap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196020
        • AND
          • commentphp53-snmp is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092031
          • commentphp53-snmp is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196010
        • AND
          • commentphp53-soap is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092033
          • commentphp53-soap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196022
        • AND
          • commentphp53-intl is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092035
          • commentphp53-intl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196014
        • AND
          • commentphp53-gd is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092037
          • commentphp53-gd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196030
        • AND
          • commentphp53-xml is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092039
          • commentphp53-xml is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196028
        • AND
          • commentphp53-bcmath is earlier than 0:5.3.3-1.el5_7.6
            ovaloval:com.redhat.rhsa:tst:20120092041
          • commentphp53-bcmath is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110196026
    rhsa
    idRHSA-2012:0092
    released2012-02-02
    severityCritical
    titleRHSA-2012:0092: php53 security update (Critical)
  • bugzilla
    id786686
    titleCVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentphp-xmlrpc is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093001
          • commentphp-xmlrpc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276006
        • AND
          • commentphp-snmp is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093003
          • commentphp-snmp is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276014
        • AND
          • commentphp-mysql is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093005
          • commentphp-mysql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276010
        • AND
          • commentphp is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093007
          • commentphp is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276012
        • AND
          • commentphp-mbstring is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093009
          • commentphp-mbstring is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276020
        • AND
          • commentphp-gd is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093011
          • commentphp-gd is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276026
        • AND
          • commentphp-ldap is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093013
          • commentphp-ldap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276024
        • AND
          • commentphp-ncurses is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093015
          • commentphp-ncurses is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276016
        • AND
          • commentphp-devel is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093017
          • commentphp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276028
        • AND
          • commentphp-imap is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093019
          • commentphp-imap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276002
        • AND
          • commentphp-pear is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093021
          • commentphp-pear is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276018
        • AND
          • commentphp-domxml is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093023
          • commentphp-domxml is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276022
        • AND
          • commentphp-odbc is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093025
          • commentphp-odbc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276008
        • AND
          • commentphp-pgsql is earlier than 0:4.3.9-3.36
            ovaloval:com.redhat.rhsa:tst:20120093027
          • commentphp-pgsql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276004
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentphp-odbc is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093030
          • commentphp-odbc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082010
        • AND
          • commentphp is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093032
          • commentphp is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082022
        • AND
          • commentphp-xmlrpc is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093034
          • commentphp-xmlrpc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082036
        • AND
          • commentphp-cli is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093036
          • commentphp-cli is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082030
        • AND
          • commentphp-soap is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093038
          • commentphp-soap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082034
        • AND
          • commentphp-pgsql is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093040
          • commentphp-pgsql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082028
        • AND
          • commentphp-mysql is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093042
          • commentphp-mysql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082024
        • AND
          • commentphp-mbstring is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093044
          • commentphp-mbstring is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082014
        • AND
          • commentphp-dba is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093046
          • commentphp-dba is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082032
        • AND
          • commentphp-xml is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093048
          • commentphp-xml is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082008
        • AND
          • commentphp-pdo is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093050
          • commentphp-pdo is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082026
        • AND
          • commentphp-ldap is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093052
          • commentphp-ldap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082012
        • AND
          • commentphp-gd is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093054
          • commentphp-gd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082018
        • AND
          • commentphp-ncurses is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093056
          • commentphp-ncurses is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082016
        • AND
          • commentphp-imap is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093058
          • commentphp-imap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082004
        • AND
          • commentphp-snmp is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093060
          • commentphp-snmp is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082002
        • AND
          • commentphp-devel is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093062
          • commentphp-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082020
        • AND
          • commentphp-common is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093064
          • commentphp-common is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082038
        • AND
          • commentphp-bcmath is earlier than 0:5.1.6-27.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20120093066
          • commentphp-bcmath is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070082006
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentphp-ldap is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093069
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-common is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093071
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-gd is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093073
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093075
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentphp-pdo is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093077
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-xmlrpc is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093079
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-soap is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093081
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-xml is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093083
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-pgsql is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093085
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-mysql is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093087
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-cli is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093089
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-odbc is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093091
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-tidy is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093093
          • commentphp-tidy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195036
        • AND
          • commentphp-imap is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093095
          • commentphp-imap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195040
        • AND
          • commentphp-recode is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093097
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-snmp is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093099
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-embedded is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093101
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-intl is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093103
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-bcmath is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093105
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-mbstring is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093107
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-devel is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093109
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-process is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093111
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-enchant is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093113
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-dba is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093115
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-pspell is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093117
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-zts is earlier than 0:5.3.3-3.el6_2.6
            ovaloval:com.redhat.rhsa:tst:20120093119
          • commentphp-zts is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195032
    rhsa
    idRHSA-2012:0093
    released2012-02-02
    severityCritical
    titleRHSA-2012:0093: php security update (Critical)
rpms
  • php53-0:5.3.3-1.el5_7.6
  • php53-bcmath-0:5.3.3-1.el5_7.6
  • php53-cli-0:5.3.3-1.el5_7.6
  • php53-common-0:5.3.3-1.el5_7.6
  • php53-dba-0:5.3.3-1.el5_7.6
  • php53-debuginfo-0:5.3.3-1.el5_7.6
  • php53-devel-0:5.3.3-1.el5_7.6
  • php53-gd-0:5.3.3-1.el5_7.6
  • php53-imap-0:5.3.3-1.el5_7.6
  • php53-intl-0:5.3.3-1.el5_7.6
  • php53-ldap-0:5.3.3-1.el5_7.6
  • php53-mbstring-0:5.3.3-1.el5_7.6
  • php53-mysql-0:5.3.3-1.el5_7.6
  • php53-odbc-0:5.3.3-1.el5_7.6
  • php53-pdo-0:5.3.3-1.el5_7.6
  • php53-pgsql-0:5.3.3-1.el5_7.6
  • php53-process-0:5.3.3-1.el5_7.6
  • php53-pspell-0:5.3.3-1.el5_7.6
  • php53-snmp-0:5.3.3-1.el5_7.6
  • php53-soap-0:5.3.3-1.el5_7.6
  • php53-xml-0:5.3.3-1.el5_7.6
  • php53-xmlrpc-0:5.3.3-1.el5_7.6
  • php-0:4.3.9-3.36
  • php-0:5.1.6-27.el5_7.5
  • php-0:5.3.3-3.el6_2.6
  • php-bcmath-0:5.1.6-27.el5_7.5
  • php-bcmath-0:5.3.3-3.el6_2.6
  • php-cli-0:5.1.6-27.el5_7.5
  • php-cli-0:5.3.3-3.el6_2.6
  • php-common-0:5.1.6-27.el5_7.5
  • php-common-0:5.3.3-3.el6_2.6
  • php-dba-0:5.1.6-27.el5_7.5
  • php-dba-0:5.3.3-3.el6_2.6
  • php-debuginfo-0:4.3.9-3.36
  • php-debuginfo-0:5.1.6-27.el5_7.5
  • php-debuginfo-0:5.3.3-3.el6_2.6
  • php-devel-0:4.3.9-3.36
  • php-devel-0:5.1.6-27.el5_7.5
  • php-devel-0:5.3.3-3.el6_2.6
  • php-domxml-0:4.3.9-3.36
  • php-embedded-0:5.3.3-3.el6_2.6
  • php-enchant-0:5.3.3-3.el6_2.6
  • php-gd-0:4.3.9-3.36
  • php-gd-0:5.1.6-27.el5_7.5
  • php-gd-0:5.3.3-3.el6_2.6
  • php-imap-0:4.3.9-3.36
  • php-imap-0:5.1.6-27.el5_7.5
  • php-imap-0:5.3.3-3.el6_2.6
  • php-intl-0:5.3.3-3.el6_2.6
  • php-ldap-0:4.3.9-3.36
  • php-ldap-0:5.1.6-27.el5_7.5
  • php-ldap-0:5.3.3-3.el6_2.6
  • php-mbstring-0:4.3.9-3.36
  • php-mbstring-0:5.1.6-27.el5_7.5
  • php-mbstring-0:5.3.3-3.el6_2.6
  • php-mysql-0:4.3.9-3.36
  • php-mysql-0:5.1.6-27.el5_7.5
  • php-mysql-0:5.3.3-3.el6_2.6
  • php-ncurses-0:4.3.9-3.36
  • php-ncurses-0:5.1.6-27.el5_7.5
  • php-odbc-0:4.3.9-3.36
  • php-odbc-0:5.1.6-27.el5_7.5
  • php-odbc-0:5.3.3-3.el6_2.6
  • php-pdo-0:5.1.6-27.el5_7.5
  • php-pdo-0:5.3.3-3.el6_2.6
  • php-pear-0:4.3.9-3.36
  • php-pgsql-0:4.3.9-3.36
  • php-pgsql-0:5.1.6-27.el5_7.5
  • php-pgsql-0:5.3.3-3.el6_2.6
  • php-process-0:5.3.3-3.el6_2.6
  • php-pspell-0:5.3.3-3.el6_2.6
  • php-recode-0:5.3.3-3.el6_2.6
  • php-snmp-0:4.3.9-3.36
  • php-snmp-0:5.1.6-27.el5_7.5
  • php-snmp-0:5.3.3-3.el6_2.6
  • php-soap-0:5.1.6-27.el5_7.5
  • php-soap-0:5.3.3-3.el6_2.6
  • php-tidy-0:5.3.3-3.el6_2.6
  • php-xml-0:5.1.6-27.el5_7.5
  • php-xml-0:5.3.3-3.el6_2.6
  • php-xmlrpc-0:4.3.9-3.36
  • php-xmlrpc-0:5.1.6-27.el5_7.5
  • php-xmlrpc-0:5.3.3-3.el6_2.6
  • php-zts-0:5.3.3-3.el6_2.6

Seebug

bulletinFamilyexploit
descriptionCVE-2012-0830 Php是一款流行的编程语言 PHP在12月为哈希碰撞拒绝服务(CVE-2011-4885)(http://sebug.net/vuldb/ssvid-30001)提供的补丁引出了另一个严重的安全漏洞。 防止哈希碰撞的补丁在php.ini中引入了新的配置属性: max_input_vars 此配置元素限制用于请求中使用的变量数量(如http://request.com/foo.php?a=1&amp;b=2&amp;c=3),默认设置为1000。 漏洞修补在php_variables.c代码中的php_register_variable_ex函数中作了更改,不过当变量数超过max_input_vars,而变量又是数组变量时(if (*p == ‘['))可触发此漏洞。漏洞可导致任意代码执行。 0 PHP PHP 5.3.9 PHP PHP 5.3.8 PHP PHP 5.3.7 PHP PHP 5.3.6 PHP PHP 5.3.5 厂商解决方案 用户可参考如下供应商提供的安全补丁修复此漏洞: http://svn.php.net/viewvc/php/php-src/trunk/main/php_variables.c?view=markup&amp;pathrev=323007
idSSV:30071
last seen2017-11-19
modified2012-02-03
published2012-02-03
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-30071
titlePHP &quot;php_register_variable_ex()&quot;函数任意代码执行漏洞(CVE-2012-0830)