English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71092
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1358-1 (libapache2-mod-php5)
Summary:Ubuntu USN-1358-1 (libapache2-mod-php5)
Description:The remote host is missing an update to libapache2-mod-php5
announced via advisory USN-1358-1.

Details:

It was discovered that PHP computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters. (CVE-2011-4885)

ATTENTION: this update changes previous PHP behavior by
limiting the number of external input variables to 1000.
This may be increased by adding a max_input_vars
directive to the php.ini configuration file. See
http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
for more information.

Stefan Esser discovered that the fix to address the predictable hash
collision issue, CVE-2011-4885, did not properly handle the situation
where the limit was reached. This could allow a remote attacker to
cause a denial of service or execute arbitrary code via a request
containing a large number of variables. (CVE-2012-0830)

It was discovered that PHP did not always check the return value of
the zend_strndup function. This could allow a remote attacker to
cause a denial of service. (CVE-2011-4153)

It was discovered that PHP did not properly enforce libxslt security
settings. This could allow a remote attacker to create arbitrary
files via a crafted XSLT stylesheet that uses the libxslt output
extension. (CVE-2012-0057)

It was discovered that PHP did not properly enforce that PDORow
objects could not be serialized and not be saved in a session. A
remote attacker could use this to cause a denial of service via an
application crash. (CVE-2012-0788)

It was discovered that PHP allowed the magic_quotes_gpc setting to
be disabled remotely. This could allow a remote attacker to bypass
restrictions that could prevent an SQL injection. (CVE-2012-0831)

USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job
for PHP allowed local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. Emese Revfy discovered
that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This
update corrects the issue. We apologize for the error. (CVE-2011-0441)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libapache2-mod-php5 5.3.6-13ubuntu3.5
php5 5.3.6-13ubuntu3.5
php5-cgi 5.3.6-13ubuntu3.5
php5-cli 5.3.6-13ubuntu3.5
php5-common 5.3.6-13ubuntu3.5
php5-xsl 5.3.6-13ubuntu3.5

Ubuntu 11.04:
libapache2-mod-php5 5.3.5-1ubuntu7.6
php5 5.3.5-1ubuntu7.6
php5-cgi 5.3.5-1ubuntu7.6
php5-cli 5.3.5-1ubuntu7.6
php5-common 5.3.5-1ubuntu7.6
php5-xsl 5.3.5-1ubuntu7.6

Ubuntu 10.10:
libapache2-mod-php5 5.3.3-1ubuntu9.9
php5 5.3.3-1ubuntu9.9
php5-cgi 5.3.3-1ubuntu9.9
php5-cli 5.3.3-1ubuntu9.9
php5-common 5.3.3-1ubuntu9.9
php5-xsl 5.3.3-1ubuntu9.9

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.13
php5 5.3.2-1ubuntu4.13
php5-cgi 5.3.2-1ubuntu4.13
php5-cli 5.3.2-1ubuntu4.13
php5-common 5.3.2-1ubuntu4.13
php5-xsl 5.3.2-1ubuntu4.13

Ubuntu 8.04 LTS:
libapache2-mod-php5 5.2.4-2ubuntu5.22
php5 5.2.4-2ubuntu5.22
php5-cgi 5.2.4-2ubuntu5.22
php5-cli 5.2.4-2ubuntu5.22
php5-common 5.2.4-2ubuntu5.22
php5-xsl 5.2.4-2ubuntu5.22

http://www.securityspace.com/smysecure/catid.html?in=USN-1358-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-4885
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.exploit-db.com/exploits/18296
http://www.exploit-db.com/exploits/18305
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.redhat.com/support/errata/RHSA-2012-0019.html
RedHat Security Advisories: RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
BugTraq ID: 51193
http://www.securityfocus.com/bid/51193
http://www.securitytracker.com/id?1026473
http://secunia.com/advisories/48668
http://secunia.com/advisories/47404
XForce ISS Database: php-hash-dos(72021)
http://xforce.iss.net/xforce/xfdb/72021
Common Vulnerability Exposure (CVE) ID: CVE-2012-0830
http://openwall.com/lists/oss-security/2012/02/02/12
http://openwall.com/lists/oss-security/2012/02/03/1
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
https://gist.github.com/1725489
Debian Security Information: DSA-2403 (Google Search)
http://www.debian.org/security/2012/dsa-2403
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
RedHat Security Advisories: RHSA-2012:0092
http://rhn.redhat.com/errata/RHSA-2012-0092.html
BugTraq ID: 51830
http://www.securityfocus.com/bid/51830
http://www.osvdb.org/78819
http://securitytracker.com/id?1026631
http://secunia.com/advisories/47806
http://secunia.com/advisories/47801
http://secunia.com/advisories/47813
XForce ISS Database: php-phpregistervariableex-code-exec(72911)
http://xforce.iss.net/xforce/xfdb/72911
Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://www.exploit-db.com/exploits/18370/
http://cxsecurity.com/research/103
Common Vulnerability Exposure (CVE) ID: CVE-2012-0057
http://openwall.com/lists/oss-security/2012/01/13/4
http://openwall.com/lists/oss-security/2012/01/13/5
http://openwall.com/lists/oss-security/2012/01/13/6
http://openwall.com/lists/oss-security/2012/01/13/7
http://openwall.com/lists/oss-security/2012/01/13/10
http://openwall.com/lists/oss-security/2012/01/14/1
http://openwall.com/lists/oss-security/2012/01/14/2
http://openwall.com/lists/oss-security/2012/01/14/3
http://openwall.com/lists/oss-security/2012/01/15/2
http://openwall.com/lists/oss-security/2012/01/15/1
http://openwall.com/lists/oss-security/2012/01/15/10
http://openwall.com/lists/oss-security/2012/01/18/3
XForce ISS Database: php-libxslt-security-bypass(72908)
http://xforce.iss.net/xforce/xfdb/72908
Common Vulnerability Exposure (CVE) ID: CVE-2012-0788
Common Vulnerability Exposure (CVE) ID: CVE-2012-0831
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://www.ubuntu.com/usn/USN-1358-1
BugTraq ID: 51954
http://www.securityfocus.com/bid/51954
http://secunia.com/advisories/55078
XForce ISS Database: php-magicquotesgpc-sec-bypass(73125)
http://xforce.iss.net/xforce/xfdb/73125
Common Vulnerability Exposure (CVE) ID: CVE-2011-0441
http://www.mandriva.com/security/advisories?name=MDVSA-2011:069
BugTraq ID: 46928
http://www.securityfocus.com/bid/46928
http://www.vupen.com/english/advisories/2011/0910
XForce ISS Database: php-php5common-file-deletion(66180)
http://xforce.iss.net/xforce/xfdb/66180
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 39786 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.