PHP 5.3 < 5.3.7 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801087

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities :

- A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

- A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

- A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

- crypt_blowfish was updated to 1.2. (CVE-2011-2483)

- Multiple null pointer dereferences exist.

- An unspecified crash exists in error_log().

- A buffer overflow vulnerability exists in crypt().

Solution

Upgrade to PHP version 5.3.7 or later.

See Also

https://bugs.php.net/bug.php?id=54238

https://bugs.php.net/bug.php?id=54681

https://bugs.php.net/bug.php?id=54939

securityreason.com/achievement_securityalert/101

securityreason.com/exploitalert/10738

http://.php.net/releases/5.3.7.php

Plugin Details

Severity: High

ID: 801087

Family: Web Servers

Published: 8/23/2011

Nessus ID: 55925, 57753

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Patch Publication Date: 8/18/2011

Vulnerability Publication Date: 3/13/2011

Reference Information

CVE: CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268

BID: 49241, 46843, 47950, 48259, 49249, 49252