PHP 5.3.x < 5.3.6 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5824
SynopsisThe remote web server uses a version of PHP that is affected by multiple vulnerabilities.
DescriptionVersions of PHP 5.3 earlier than 5.3.6 are potentially affected by multiple vulnerabilities :
- An error exists in the function '_zip_name_locate()' in the file 'ext/zip/lib/zip_name_locate.c' which allows a NULL pointer to be dereferenced when processing an empty archive. (CVE-2011-0421)
- A variable casting error exists in the Exif extension's C function 'exif_process_IFD_TAG()' in the file 'ext/exif/exif.c' could allow arbitrary code execution. (CVE-2011-0708)
- An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read' in the file 'ext/shmop/shmop.c'. (CVE-2011-1092)
- An error exists in the file 'phar/phar_object.c' n which calls to 'zend_throw_exception_ex()' pass data as a string format parameter which could lead to information disclosure or memory corruption when handling PHP archives. (CVE-2011-1153)
- A buffer overflow error exists in the C function 'xbuf_format_converter' in the file 'main/snprintf.c' when the PHP configuration setting for 'precision' is set to a large value. (Bug 54055)
- An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.
SolutionUpgrade to PHP version 5.3.6 or later.