icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP 5.3 < 5.3.7 Multiple Vulnerabilities

High

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities :

- A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

- A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

- A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

- crypt_blowfish was updated to 1.2. (CVE-2011-2483)

- Multiple null pointer dereferences exist.

- An unspecified crash exists in error_log().

- A buffer overflow vulnerability exists in crypt().

Solution

Upgrade to PHP version 5.3.7 or later.