CVE-2012-0830

HIGH

Description

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

http://marc.info/?l=bugtraq&m=134012830914727&w=2

http://openwall.com/lists/oss-security/2012/02/02/12

http://openwall.com/lists/oss-security/2012/02/03/1

http://rhn.redhat.com/errata/RHSA-2012-0092.html

http://secunia.com/advisories/47801

http://secunia.com/advisories/47806

http://secunia.com/advisories/47813

http://secunia.com/advisories/48668

http://securitytracker.com/id?1026631

http://support.apple.com/kb/HT5281

http://svn.php.net/viewvc?view=revision&revision=323007

http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

http://www.debian.org/security/2012/dsa-2403

http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html

http://www.osvdb.org/78819

http://www.php.net/ChangeLog-5.php#5.3.10

http://www.securityfocus.com/bid/51830

https://exchange.xforce.ibmcloud.com/vulnerabilities/72911

https://gist.github.com/1725489

Details

Source: MITRE

Published: 2012-02-06

Updated: 2018-01-09

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
78134F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)NessusF5 Networks Local Security Checks
critical
74580openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)NessusSuSE Local Security Checks
high
69648Amazon Linux AMI : php (ALAS-2012-41)NessusAmazon Linux Local Security Checks
high
68449Oracle Linux 4 / 5 / 6 : php (ELSA-2012-0093)NessusOracle Linux Local Security Checks
high
68448Oracle Linux 5 : php53 (ELSA-2012-0092)NessusOracle Linux Local Security Checks
high
62236GLSA-201209-03 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
61238Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)NessusScientific Linux Local Security Checks
high
61237Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120202)NessusScientific Linux Local Security Checks
high
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical
6482Mac OS X 10.7 < 10.7.4 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
59066Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
58890Mandriva Linux Security Advisory : php (MDVSA-2012:065)NessusMandriva Local Security Checks
high
58740SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)NessusSuSE Local Security Checks
high
58480SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)NessusSuSE Local Security Checks
high
58039PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)NessusCGI abuses
critical
57954Fedora 15 : maniadrive-1.2-32.fc15.2 / php-5.3.10-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.2 (2012-1301)NessusFedora Local Security Checks
high
57932Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2)NessusUbuntu Local Security Checks
high
57893Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-041-02)NessusSlackware Local Security Checks
high
57888Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)NessusUbuntu Local Security Checks
high
57869Fedora 16 : maniadrive-1.2-32.fc16.2 / php-5.3.10-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.2 (2012-1262)NessusFedora Local Security Checks
high
801084PHP 5.3.9 php_register_variable_ex() Code ExecutionLog Correlation EngineWeb Servers
high
6304PHP < 5.3.10 php_register_variable_ex() RCENessus Network MonitorWeb Servers
critical
57830FreeBSD : php -- arbitrary remote code execution vulnerability (3fd040be-4f0b-11e1-9e32-0025900931f8)NessusFreeBSD Local Security Checks
high
57825PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)NessusCGI abuses
critical
57821RHEL 4 / 5 / 6 : php (RHSA-2012:0093)NessusRed Hat Local Security Checks
high
57820RHEL 5 : php53 (RHSA-2012:0092)NessusRed Hat Local Security Checks
high
57814Debian DSA-2403-2 : php5 - code injectionNessusDebian Local Security Checks
high
57808CentOS 4 / 5 / 6 : php (CESA-2012:0093)NessusCentOS Local Security Checks
high
57807CentOS 5 : php53 (CESA-2012:0092)NessusCentOS Local Security Checks
high