Test ID:	1.3.6.1.4.1.25623.1.0.902317
Category:	Web application abuses
Title:	PHP 'phar_stream_flush' Format String Vulnerability
Summary:	PHP is prone to a format string vulnerability.
Description:	Summary: PHP is prone to a format string vulnerability. Vulnerability Insight: The flaws are due to: - An error in 'stream.c' in the phar extension, which allows attackers to obtain sensitive information. - An error in 'open_wrappers.c', allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. - An error in 'mb_strcut()' function in 'Libmbfl', allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). Vulnerability Impact: Successful exploitation could allow attackers to obtain sensitive information and possibly execute arbitrary code via a crafted phar:// URI. Affected Software/OS: PHP version 5.3 through 5.3.3 Solution: Update to PHP version 5.3.4 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2950 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html HPdes Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPdes Security Advisory: SSRT100409 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3436 42729 http://secunia.com/advisories/42729 42812 http://secunia.com/advisories/42812 44723 http://www.securityfocus.com/bid/44723 ADV-2010-3313 http://www.vupen.com/english/advisories/2010/3313 ADV-2011-0077 http://www.vupen.com/english/advisories/2011/0077 APPLE-SA-2011-03-21-1 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html MDVSA-2010:218 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 SSA:2010-357-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 USN-1042-1 http://www.ubuntu.com/usn/USN-1042-1 http://security-tracker.debian.org/tracker/CVE-2010-3436 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824 http://svn.php.net/viewvc?view=revision&revision=303824 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php http://www.php.net/releases/5_3_4.php Common Vulnerability Exposure (CVE) ID: CVE-2010-4156 42135 http://secunia.com/advisories/42135 43189 http://secunia.com/advisories/43189 44727 http://www.securityfocus.com/bid/44727 ADV-2011-0020 http://www.vupen.com/english/advisories/2011/0020 ADV-2011-0021 http://www.vupen.com/english/advisories/2011/0021 FEDORA-2010-18976 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html FEDORA-2010-19011 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html HPSBMA02662 MDVSA-2010:225 http://www.mandriva.com/security/advisories?name=MDVSA-2010:225 RHSA-2011:0196 http://www.redhat.com/support/errata/RHSA-2011-0196.html SSRT100409 [oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/07/2 [oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/08/13 http://pastie.org/1279428 http://pastie.org/1279682
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.