Test ID:	1.3.6.1.4.1.25623.1.0.803342
Category:	Buffer overflow
Title:	PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability - Windows
Summary:	PHP is prone to a heap buffer overflow vulnerability.
Description:	Summary: PHP is prone to a heap buffer overflow vulnerability. Vulnerability Insight: Flaw related to overflow in phar_parse_tarfile()function in ext/phar/tar.c in the phar extension. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code or cause a denial-of-service condition via specially crafted TAR file. Affected Software/OS: PHP version before 5.3.14 and 5.4.x before 5.4.4 Solution: Update to PHP 5.4.4 or 5.3.14 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2386 APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html SUSE-SU-2012:0840 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution http://openwall.com/lists/oss-security/2012/05/22/10 http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854 http://support.apple.com/kb/HT5501 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61065 https://bugzilla.redhat.com/show_bug.cgi?id=823594
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.