Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 5.3.x < 5.3.7 Multiple Vulnerabilities

High

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities :

- A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

- A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

- A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

- crypt_blowfish was updated to 1.2. (CVE-2011-2483)

- Multiple null pointer dereferences exist.

- An unspecified crash exists in error_log().

- A buffer overflow vulnerability exists in crypt(). - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition. (OSVDB 126477)

Solution

Upgrade to PHP version 5.3.7 or later.