PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801070

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner the version of PHP installed on the remote host is earlier than 5.3.3 / 5.2.14. Such version are potentially affected by multiple vulnerabilities :

- An information disclosure vulnerability in var_export() when a fatal error occurs.

- A resource destruction issue in shm_put_var().

- A possible information leak because of an interruption of XOR operator.

- A memory corruption issue caused by an unexpected call-time pass by reference and the following memory clobbering through callbacks.

- A memory corruption issue in ArrayObject::uasort().

- A memory corruption issue in parse_str().

- A memory corruption issue in pack().

- A memory corruption issue in substr_replace().

- A memory corruption issue in addcslashes().

- A stack exhaustion issue in fnmatch().

- A buffer overflow vulnerability in the dechunking filter.

- An arbitrary memory access issue in the sqlite extension.

- A string format validation issue in the phar extension.

- An unspecified issue relating to the handling of session variable serialization on certain prefix characters.

- A NULL pointer dereference issue when processing invalid XML-RPC requests.

- An unserialization issue in SplObjectStorage.

- Buffer overflow vulnerabilities in mysqlnd_list_fields and mysqlnd_change_user.

- Buffer overflows when handling error packets in mysqlnd.

Solution

Upgrade to PHP version 5.2.14, 5.3.3, or later.

See Also

http://.php.net/releases/5_3_3.php

http://.php.net/releases/5_2_14.php

http://.php.net/ChangeLog-5.php#5.3.3

http://.php.net/ChangeLog-5.php#5.2.14

Plugin Details

Severity: High

ID: 801070

Family: Web Servers

Published: 7/27/2010

Nessus ID: 48244, 48245

Vulnerability Information

Patch Publication Date: 7/22/2010

Vulnerability Publication Date: 7/22/2010

Reference Information

CVE: CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531

BID: 41991