Denial of Service : PHP Multiple Denial of Service Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802566

Categoría: Denial of Service

Título: PHP Multiple Denial of Service Vulnerabilities - Windows

Resumen: PHP is prone to multiple denial of service (DoS) vulnerabilities.

Descripción: Summary:
PHP is prone to multiple denial of service (DoS) vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to

- An error in application which makes calls to the 'zend_strndup()' function
without checking the returned values. A local user can run specially
crafted PHP code to trigger a null pointer dereference in zend_strndup()
and cause the target service to crash.

- An error in 'tidy_diagnose' function, which might allows remote attackers
to cause a denial of service via crafted input.

Vulnerability Impact:
Successful exploitation could allow remote attackers to cause
denial of service conditions.

Affected Software/OS:
PHP Version 5.3.8 on Windows.

Solution:
Update to PHP version 5.4.0 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://www.exploit-db.com/exploits/18370/
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
http://cxsecurity.com/research/103
http://secunia.com/advisories/48668
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0781

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802566
Categoría:	Denial of Service
Título:	PHP Multiple Denial of Service Vulnerabilities - Windows
Resumen:	PHP is prone to multiple denial of service (DoS) vulnerabilities.
Descripción:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to - An error in application which makes calls to the 'zend_strndup()' function without checking the returned values. A local user can run specially crafted PHP code to trigger a null pointer dereference in zend_strndup() and cause the target service to crash. - An error in 'tidy_diagnose' function, which might allows remote attackers to cause a denial of service via crafted input. Vulnerability Impact: Successful exploitation could allow remote attackers to cause denial of service conditions. Affected Software/OS: PHP Version 5.3.8 on Windows. Solution: Update to PHP version 5.4.0 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4153 Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://www.exploit-db.com/exploits/18370/ HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 HPdes Security Advisory: SSRT100877 http://cxsecurity.com/research/103 http://secunia.com/advisories/48668 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0781
Copyright	Copyright (C) 2012 Greenbone AG