Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в PHP
дополнено с 28 сентября 2009 г.
Опубликовано:20 октября 2009 г.
Источник:
SecurityVulns ID:10269
Тип:библиотека
Уровень опасности:
7/10
Описание:Подмена сертификатов, повреждения памяти при разборе изображений, утечка информации.
Затронутые продукты:PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index.")
 CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to "missing sanity checks around exif processing.")
 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2009:284 ] gd (20.10.2009)
 documentdavid_(at)_majorsecurity.info, [MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure (28.09.2009)
 documentdavid_(at)_majorsecurity.info, [MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure (28.09.2009)
 documentMANDRIVA, [ MDVSA-2009:248 ] php (28.09.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород