Information Security


Security vulnerabilities in PHP
Published: June 17, 2014
Source:
SecurityVulns ID: 13848
Type: library
Threat level: 7/10
Description: Symbolic link issues, buffer overflow in dns_get_record().
Affected products: PHP : PHP 5.5
CVE:CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.)
 CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.)
 CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.)
 CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.)
Original text: Murray McAllister, [oss-security] CVE request: PHP heap-based buffer overflow in DNS TXT record parsing (17.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)
 Murray McAllister, [oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod