Information Security


Multiple security vulnerabilities in PHP
Published: 11 May 2010
Source:
SecurityVulns ID: 10820
Type: library
Severity: 7/10
Description: Multiple information leaks, access to uninitialized memory, double free, integer overflows.
Affected products: PHP : PHP 5.2
 PHP : PHP 5.3
CVE: CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.)
 CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.)
 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.)
 CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.)
 CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.)
 CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.)
Original text: PHP-SECURITY, MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, preg_quote() Interruption Information Leak Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod