Multiple security vulnerabilities in PHP
Published: 27 August 2011
SecurityVulns ID: 11879
Description: NULL pointer dereferences, memory corruption in ZipArchive.
Affected products: PHP : PHP 5.3
CVE: CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.)
 CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability.")
 CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.)
 CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.)
 CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.)
Original text: SLACKWARE, [slackware-security] php (SSA:2011-237-01) (27.08.2011)
 Maksymilian Arciemowicz, PHP 5.3.6 multiple null pointer dereference (27.08.2011)

