 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.120517 |
| Category: | Amazon Linux Local Security Checks |
| Title: | Amazon Linux: Security Advisory (ALAS-2011-7) |
| Summary: | The remote host is missing an update for the 'php' package(s) announced via the ALAS-2011-7 advisory. |
| Description: | Summary: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2011-7 advisory. Vulnerability Insight: PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. php: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 46843 http://www.securityfocus.com/bid/46843 BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://openwall.com/lists/oss-security/2011/03/13/2 http://openwall.com/lists/oss-security/2011/03/13/3 http://openwall.com/lists/oss-security/2011/03/13/9 http://www.redhat.com/support/errata/RHSA-2011-1423.html XForce ISS Database: php-substrreplace-code-exec(66080) https://exchange.xforce.ibmcloud.com/vulnerabilities/66080 Common Vulnerability Exposure (CVE) ID: CVE-2011-1938 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.exploit-db.com/exploits/17318/ http://openwall.com/lists/oss-security/2011/05/24/1 http://openwall.com/lists/oss-security/2011/05/24/9 http://osvdb.org/72644 http://securityreason.com/securityalert/8262 http://securityreason.com/securityalert/8294 XForce ISS Database: php-socketconnect-bo(67606) https://exchange.xforce.ibmcloud.com/vulnerabilities/67606 Common Vulnerability Exposure (CVE) ID: CVE-2011-2202 BugTraq ID: 48259 http://www.securityfocus.com/bid/48259 Debian Security Information: DSA-2266 (Google Search) http://www.debian.org/security/2011/dsa-2266 http://pastebin.com/1edSuSVN http://openwall.com/lists/oss-security/2011/06/12/5 http://openwall.com/lists/oss-security/2011/06/13/15 RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://securitytracker.com/id?1025659 http://secunia.com/advisories/44874 XForce ISS Database: php-sapiposthandlerfunc-sec-bypass(67999) https://exchange.xforce.ibmcloud.com/vulnerabilities/67999 Common Vulnerability Exposure (CVE) ID: CVE-2011-2483 Debian Security Information: DSA-2340 (Google Search) http://www.debian.org/security/2011/dsa-2340 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 http://freshmeat.net/projects/crypt_blowfish http://www.redhat.com/support/errata/RHSA-2011-1377.html http://www.redhat.com/support/errata/RHSA-2011-1378.html SuSE Security Announcement: SUSE-SA:2011:035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html http://www.ubuntu.com/usn/USN-1229-1 XForce ISS Database: php-cryptblowfish-info-disclosure(69319) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 Common Vulnerability Exposure (CVE) ID: CVE-2011-3182 20110819 PHP 5.3.6 multiple null pointer dereference http://marc.info/?l=full-disclosure&m=131373057621672&w=2 http://securityreason.com/achievement_securityalert/101 49249 http://www.securityfocus.com/bid/49249 APPLE-SA-2012-02-01-1 MDVSA-2011:165 [oss-security] 20110822 CVE assignment php NULL pointer dereference - CVE-2011-3182 http://www.openwall.com/lists/oss-security/2011/08/22/9 http://support.apple.com/kb/HT5130 php-library-functions-dos(69430) https://exchange.xforce.ibmcloud.com/vulnerabilities/69430 Common Vulnerability Exposure (CVE) ID: CVE-2011-3379 20110923 Security issue is_a function in PHP 5.3.7+ http://www.securityfocus.com/archive/1/519770/30/0/threaded 8525 http://securityreason.com/securityalert/8525 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 SSRT100877 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |