Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в PHP
Опубликовано:8 января 2010 г.
Источник:
SecurityVulns ID:10505
Тип:удаленная
Уровень опасности:
7/10
Описание:Обход ограничений safe_mode, обход ограничений open_basedir, повреждения памяти.
Затронутые продукты:PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.)
 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.)
 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.)
 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.)
Оригинальный текстdocumentPHP, PHP 5.2.12 Release Announcement (08.01.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород