English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70840
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1126-2 (libapache2-mod-php5)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to libapache2-mod-php5
announced via advisory USN-1126-2.

Details:

USN 1126-1 fixed several vulnerabilities in PHP. The fix for
CVE-2010-4697 introduced an incorrect reference counting regression
in the Zend engine that caused the PHP interpreter to segfault. This
regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.

The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression
in the PEAR installer that prevented it from creating its cache
directory and reporting errors correctly.

We apologize for the inconvenience.

Original advisory details:

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)

Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)

Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)

Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti- aliasing steps in an argument to the
imagepstext function. (CVE-2010-4698)

It was discovered that PHP accepts the \0 character in a pathname,
which might allow an attacker to bypass intended access restrictions
by placing a safe file extension after this character. This issue
is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.
(CVE-2006-7243)

Maksymilian Arciemowicz discovered that the grapheme_extract function
in the PHP Internationalization extension (Intl) for ICU allow
an attacker to cause a denial of service (crash) via an invalid
size argument, which triggers a NULL pointer dereference. This
issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu
11.04. (CVE-2011-0420)

Maksymilian Arciemowicz discovered that the _zip_name_locate
function in the PHP Zip extension does not properly handle a
ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to
cause a denial of service (NULL pointer dereference) via an empty
ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu
10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421)

Luca Carettoni discovered that the PHP Exif extension performs an
incorrect cast on 64bit platforms, which allows a remote attacker
to cause a denial of service (application crash) via an image with
a crafted Image File Directory (IFD). (CVE-2011-0708)

Jose Carlos Norte discovered that an integer overflow in the PHP
shmop extension could allow an attacker to cause a denial of service
(crash) and possibly read sensitive memory function. (CVE-2011-1092)

Felipe Pena discovered that a use-after-free vulnerability in the
substr_replace function allows an attacker to cause a denial of
service (memory corruption) or possibly execute arbitrary code.
(CVE-2011-1148)

Felipe Pena discovered multiple format string vulnerabilities in the
PHP phar extension. These could allow an attacker to obtain sensitive
information from process memory, cause a denial of service (memory
corruption), or possibly execute arbitrary code. This issue affected
Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04.(CVE-2011-1153)

It was discovered that a buffer overflow occurs in the strval function
when the precision configuration option has a large value. The default
compiler options for Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS,
Ubuntu 10.10, and Ubuntu 11.04 should reduce the vulnerability to a
denial of service. (CVE-2011-1464)

It was discovered that an integer overflow in the SdnToJulian function
in the PHP Calendar extension could allow an attacker to cause a
denial of service (application crash). (CVE-2011-1466)

Tomas Hoger discovered that an integer overflow in the
NumberFormatter::setSymbol function in the PHP Intl extension
could allow an attacker to cause a denial of service (application
crash). This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu
11.04. (CVE-2011-1467)

It was discovered that multiple memory leaks in the PHP OpenSSL
extension might allow a remote attacker to cause a denial of service
(memory consumption). This issue affected Ubuntu 10.04 LTS, Ubuntu
10.10, and Ubuntu 11.04. (CVE-2011-1468)

Daniel Buschke discovered that the PHP Streams component in PHP
handled types improperly, possibly allowing an attacker to cause a
denial of service (application crash). (CVE-2011-1469)

It was discovered that the PHP Zip extension could allow an attacker to
cause a denial of service (application crash) via a ziparchive stream
that is not properly handled by the stream_get_contents function. This
issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu
10.10, and Ubuntu 11.04. (CVE-2011-1470)

It was discovered that an integer signedness error in the PHP Zip
extension could allow an attacker to cause a denial of service (CPU
consumption) via a malformed archive file. This issue affected
Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and
Ubuntu 11.04. (CVE-2011-1470) (CVE-2011-1471)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libapache2-mod-php5 5.3.5-1ubuntu7.2
php-pear 5.3.5-1ubuntu7.2
php5 5.3.5-1ubuntu7.2
php5-cgi 5.3.5-1ubuntu7.2
php5-cli 5.3.5-1ubuntu7.2
php5-common 5.3.5-1ubuntu7.2

Ubuntu 10.10:
libapache2-mod-php5 5.3.3-1ubuntu9.5
php-pear 5.3.3-1ubuntu9.5
php5 5.3.3-1ubuntu9.5
php5-cgi 5.3.3-1ubuntu9.5
php5-cli 5.3.3-1ubuntu9.5
php5-common 5.3.3-1ubuntu9.5

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.9
php-pear 5.3.2-1ubuntu4.9
php5 5.3.2-1ubuntu4.9
php5-cgi 5.3.2-1ubuntu4.9
php5-cli 5.3.2-1ubuntu4.9
php5-common 5.3.2-1ubuntu4.9

Ubuntu 9.10:
libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.10
php-pear 5.2.10.dfsg.1-2ubuntu6.10
php5 5.2.10.dfsg.1-2ubuntu6.10
php5-cgi 5.2.10.dfsg.1-2ubuntu6.10
php5-cli 5.2.10.dfsg.1-2ubuntu6.10
php5-common 5.2.10.dfsg.1-2ubuntu6.10

Ubuntu 8.04 LTS:
libapache2-mod-php5 5.2.4-2ubuntu5.17
php-pear 5.2.4-2ubuntu5.17
php5 5.2.4-2ubuntu5.17
php5-cgi 5.2.4-2ubuntu5.17
php5-cli 5.2.4-2ubuntu5.17
php5-common 5.2.4-2ubuntu5.17

http://www.securityspace.com/smysecure/catid.html?in=USN-1126-2

CVSS Score:
7.5

CVSS Vector:
AV:L/AC:L/Au:NR/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4697
BugTraq ID: 45952
http://www.securityfocus.com/bid/45952
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12528
XForce ISS Database: php-zendengine-code-execution(65310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65310
Common Vulnerability Exposure (CVE) ID: CVE-2011-1072
43533
http://secunia.com/advisories/43533
46605
http://www.securityfocus.com/bid/46605
MDVSA-2011:187
http://www.mandriva.com/security/advisories?name=MDVSA-2011:187
RHSA-2011:1741
http://www.redhat.com/support/errata/RHSA-2011-1741.html
[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack
http://openwall.com/lists/oss-security/2011/02/28/3
[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack
http://openwall.com/lists/oss-security/2011/02/28/12
http://openwall.com/lists/oss-security/2011/02/28/5
[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack
http://openwall.com/lists/oss-security/2011/03/01/4
http://openwall.com/lists/oss-security/2011/03/01/5
http://openwall.com/lists/oss-security/2011/03/01/7
http://openwall.com/lists/oss-security/2011/03/01/8
http://openwall.com/lists/oss-security/2011/03/01/9
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164
http://news.php.net/php.pear.cvs/61264
http://pear.php.net/advisory-20110228.txt
http://pear.php.net/bugs/bug.php?id=18056
http://security-tracker.debian.org/tracker/CVE-2011-1072
http://svn.php.net/viewvc?view=revision&revision=308687
pear-pear-installer-symlink(65721)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
Common Vulnerability Exposure (CVE) ID: CVE-2011-1144
XForce ISS Database: pear-package-symlink(65911)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65911
Common Vulnerability Exposure (CVE) ID: CVE-2011-0441
BugTraq ID: 46928
http://www.securityfocus.com/bid/46928
http://www.mandriva.com/security/advisories?name=MDVSA-2011:069
http://www.vupen.com/english/advisories/2011/0910
XForce ISS Database: php-php5common-file-deletion(66180)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66180
Common Vulnerability Exposure (CVE) ID: CVE-2010-4698
BugTraq ID: 45338
http://www.securityfocus.com/bid/45338
http://seclists.org/fulldisclosure/2010/Dec/180
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939
Common Vulnerability Exposure (CVE) ID: CVE-2006-7243
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 44951
http://www.securityfocus.com/bid/44951
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
http://www.madirish.net/?article=436
http://openwall.com/lists/oss-security/2010/11/18/4
http://openwall.com/lists/oss-security/2010/11/18/5
http://openwall.com/lists/oss-security/2010/12/09/10
http://openwall.com/lists/oss-security/2010/12/09/11
http://openwall.com/lists/oss-security/2010/12/09/9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
RedHat Security Advisories: RHSA-2013:1615
http://rhn.redhat.com/errata/RHSA-2013-1615.html
RedHat Security Advisories: RHSA-2014:0311
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://secunia.com/advisories/55078
Common Vulnerability Exposure (CVE) ID: CVE-2011-0420
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46429
http://www.securityfocus.com/bid/46429
Bugtraq: 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516504/100/0/threaded
Bugtraq: 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516518/100/0/threaded
CERT/CC vulnerability note: VU#210829
http://www.kb.cert.org/vuls/id/210829
Debian Security Information: DSA-2266 (Google Search)
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/16182
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://securityreason.com/securityalert/8087
http://securityreason.com/achievement_securityalert/94
XForce ISS Database: php-graphemeextract-dos(65437)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437
Common Vulnerability Exposure (CVE) ID: CVE-2011-0421
BugTraq ID: 46354
http://www.securityfocus.com/bid/46354
Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search)
http://www.securityfocus.com/archive/1/517065/100/0/threaded
http://www.exploit-db.com/exploits/17004
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://secunia.com/advisories/43621
http://securityreason.com/securityalert/8146
http://securityreason.com/achievement_securityalert/96
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
XForce ISS Database: libzip-zipnamelocate-dos(66173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
Common Vulnerability Exposure (CVE) ID: CVE-2011-0708
16261
http://www.exploit-db.com/exploits/16261/
46365
http://www.securityfocus.com/bid/46365
8114
http://securityreason.com/securityalert/8114
ADV-2011-0744
ADV-2011-0764
ADV-2011-0890
APPLE-SA-2011-10-12-3
DSA-2266
FEDORA-2011-3614
FEDORA-2011-3636
FEDORA-2011-3666
HPSBOV02763
MDVSA-2011:052
MDVSA-2011:053
RHSA-2011:1423
http://www.redhat.com/support/errata/RHSA-2011-1423.html
RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
SSRT100826
[oss-security] 20110214 PHP Exif 64bit Casting Vulnerability, CVE request
http://openwall.com/lists/oss-security/2011/02/14/1
[oss-security] 20110216 Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request
http://openwall.com/lists/oss-security/2011/02/16/7
http://bugs.php.net/bug.php?id=54002
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc?view=revision&revision=308316
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2011.php
http://www.php.net/releases/5_3_6.php
https://bugzilla.redhat.com/show_bug.cgi?id=680972
Common Vulnerability Exposure (CVE) ID: CVE-2011-1092
16966
http://www.exploit-db.com/exploits/16966
46786
http://www.securityfocus.com/bid/46786
8130
http://securityreason.com/securityalert/8130
[oss-security] 20110308 CVE request, php's shm
http://www.openwall.com/lists/oss-security/2011/03/08/9
[oss-security] 20110308 Re: CVE request, php's shm
http://www.openwall.com/lists/oss-security/2011/03/08/11
http://bugs.php.net/bug.php?id=54193
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018
https://bugzilla.redhat.com/show_bug.cgi?id=683183
php-shmopread-overflow(65988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65988
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 46843
http://www.securityfocus.com/bid/46843
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://openwall.com/lists/oss-security/2011/03/13/2
http://openwall.com/lists/oss-security/2011/03/13/3
http://openwall.com/lists/oss-security/2011/03/13/9
XForce ISS Database: php-substrreplace-code-exec(66080)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66080
Common Vulnerability Exposure (CVE) ID: CVE-2011-1153
43744
http://secunia.com/advisories/43744
46854
http://www.securityfocus.com/bid/46854
[oss-security] 20110314 CVE request: format-string vulnerability in PHP Phar extension
http://openwall.com/lists/oss-security/2011/03/14/13
[oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension
http://openwall.com/lists/oss-security/2011/03/14/14
http://openwall.com/lists/oss-security/2011/03/14/24
http://bugs.php.net/bug.php?id=54247
http://svn.php.net/viewvc?view=revision&revision=309221
https://bugzilla.redhat.com/show_bug.cgi?id=688378
php-pharobject-format-string(66079)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66079
Common Vulnerability Exposure (CVE) ID: CVE-2011-1464
Common Vulnerability Exposure (CVE) ID: CVE-2011-1466
BugTraq ID: 46967
http://www.securityfocus.com/bid/46967
RedHat Security Advisories: RHSA-2012:0071
http://secunia.com/advisories/48668
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1467
BugTraq ID: 46968
http://www.securityfocus.com/bid/46968
Common Vulnerability Exposure (CVE) ID: CVE-2011-1468
BugTraq ID: 46977
http://www.securityfocus.com/bid/46977
Common Vulnerability Exposure (CVE) ID: CVE-2011-1469
BugTraq ID: 46970
http://www.securityfocus.com/bid/46970
Common Vulnerability Exposure (CVE) ID: CVE-2011-1470
BugTraq ID: 46969
http://www.securityfocus.com/bid/46969
Common Vulnerability Exposure (CVE) ID: CVE-2011-1471
BugTraq ID: 46975
http://www.securityfocus.com/bid/46975
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.