ID CVE-2012-0830
Summary The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
References
Vulnerable Configurations
  • PHP 5.3.9
    cpe:2.3:a:php:php:5.3.9
CVSS
Base: 7.5 (as of 07-02-2012 - 10:09)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
exploit-db via4
description PHP 5.4.0RC6 (64-bit) - Denial of Service. CVE-2012-0830. DoS exploit for php platform
id EDB-ID:18460
last seen 2016-02-02
modified 2012-02-04
published 2012-02-04
reporter Stefan Esser
source https://www.exploit-db.com/download/18460/
title PHP 5.4.0RC6 64-bit - Denial of Service
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 62236
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62236
    title GLSA-201209-03 : PHP: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-1262.NASL
    description This update has the latest release of PHP, 5.3.10, which fixes a security issue. A previous security fix introduced in PHP 5.3.9 allowed a remote user to crash the PHP interpreter, or possibly execute arbitrary code. (CVE-2012-0830) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 57869
    published 2012-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57869
    title Fedora 16 : maniadrive-1.2-32.fc16.2 / php-5.3.10-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.2 (2012-1262)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-1301.NASL
    description This update contains the latest release of PHP, 5.3.10, which fixes a security issue. A security fix introduced in PHP 5.3.9 allowed a remote user to crash the PHP interpreter, or possibly, execute arbitrary code. (CVE-2012-0830) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 57954
    published 2012-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57954
    title Fedora 15 : maniadrive-1.2-32.fc15.2 / php-5.3.10-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.2 (2012-1301)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_4.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59066
    published 2012-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59066
    title Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)
  • NASL family Web Servers
    NASL id HPSMH_7_1_1_1.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities : - The bundled version of the libxml2 library contains multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2011-3379, CVE-2011-4153, CVE-2011-4885, CVE-2012-1823, CVE-2012-0057, CVE-2012-0830) - The bundled version of the Apache HTTP Server contains multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317, CVE-2011-4415, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053) - An issue exists in the 'include/iniset.php' script in the embedded RoundCube Webmail version that could lead to a denial of service. (CVE-2011-4078) - The bundled version of OpenSSL contains multiple vulnerabilities. (CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-1165) - The bundled version of curl and libcurl does not properly consider special characters during extraction of a pathname from a URL. (CVE-2012-0036) - An off autocomplete attribute does not exist for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. (CVE-2012-2012) - An unspecified vulnerability exists that could allow a remote attacker to cause a denial of service, or possibly obtain sensitive information or modify data. (CVE-2012-2013) - An unspecified vulnerability exists related to improper input validation. (CVE-2012-2014) - An unspecified vulnerability allows remote, unauthenticated users to gain privileges and obtain sensitive information. (CVE-2012-2015) - An unspecified vulnerability allows local users to obtain sensitive information via unknown vectors. (CVE-2012-2016)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59851
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59851
    title HP System Management Homepage < 7.1.1 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1358-1.NASL
    description It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a 'max_input_vars' directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Stefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) It was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153) It was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057) It was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788) It was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent a SQL injection. (CVE-2012-0831) USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. 
    Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57888
    published 2012-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57888
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-41.NASL
    description It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69648
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69648
    title Amazon Linux AMI : php (ALAS-2012-41)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-041-02.NASL
    description New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 57893
    published 2012-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57893
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-041-02)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0093.NASL
    description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57808
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57808
    title CentOS 4 / 5 / 6 : php (CESA-2012:0093)
  • NASL family CGI abuses
    NASL id PHP_5_3_10.NASL
    description According to its banner, the version of PHP installed on the remote host is 5.3.9. This version reportedly is affected by a code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) itself has introduced a remote code execution vulnerability in the function 'php_register_variable_ex()' in the file 'php_variables.c'. A new configuration variable, 'max_input_vars', was added as a part of the fix. If the number of input variables exceeds this value and the variable being processed is an array, code execution can occur.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57825
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57825
    title PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-065.NASL
    description Multiple vulnerabilities have been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server (CVE-2012-0788). Note: this was fixed with php-5.3.10. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed with php-5.3.10. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c (CVE-2012-0831). Insufficient validating of upload name leading to corrupted $_FILES indices (CVE-2012-1172). The updated php packages have been upgraded to 5.3.11 which is not vulnerable to these issues. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header (CVE-2012-0807). The php-suhosin packages have been upgraded to the 0.9.33 version which is not affected by this issue. Additionally some of the PECL extensions have been upgraded to their latest respective versions which resolve various upstream bugs.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 58890
    published 2012-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58890
    title Mandriva Linux Security Advisory : php (MDVSA-2012:065)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-182.NASL
    description php5 security update
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74580
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74580
    title openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2403.NASL
    description Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57814
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57814
    title Debian DSA-2403-2 : php5 - code injection
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP5-120309.NASL
    description This update of php5 fixes multiple security flaws : - A php5 upload filename injection was fixed. (CVE-2011-2202) - An integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory. (CVE-2011-4566) - Multiple NULL pointer dereferences were fixed that could lead to crashes. (CVE-2011-3182) - An integer overflow in the PHP calendar extension was fixed that could have led to crashes. (CVE-2011-1466) - A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. (CVE-2011-1072) - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables are not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831) Also the following bugs have been fixed : - allow uploading files bigger than 2GB for 64bit systems [bnc#709549] - amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671]
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 58740
    published 2012-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58740
    title SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0092.NASL
    description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57807
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57807
    title CentOS 5 : php53 (CESA-2012:0092)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0093.NASL
    description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57821
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57821
    title RHEL 4 / 5 / 6 : php (RHSA-2012:0093)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0093.NASL
    description From Red Hat Security Advisory 2012:0093 : Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68449
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68449
    title Oracle Linux 4 / 5 / 6 : php (ELSA-2012-0093)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL13519.NASL
    description PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. CVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. 
    CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables.
    NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78134
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78134
    title F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0092.NASL
    description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57820
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57820
    title RHEL 5 : php53 (RHSA-2012:0092)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3FD040BE4F0B11E19E320025900931F8.NASL
    description Secunia reports : A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the 'php_register_variable_ex()' function (php_variables.c) when hashing form posts and updating a hash table, which can be exploited to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57830
    published 2012-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57830
    title FreeBSD : php -- arbitrary remote code execution vulnerability (3fd040be-4f0b-11e1-9e32-0025900931f8)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120202_PHP_ON_SL4_X.NASL
    description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via previous php packages) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61238
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61238
    title Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1358-2.NASL
    description USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. We apologize for the inconvenience. It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a 'max_input_vars' directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Stefan Esser discovered that the fix to address the predictable hash collision issue, CVE-2011-4885, did not properly handle the situation where the limit was reached. This could allow a remote attacker to cause a denial of service or execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) It was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153) It was discovered that PHP did not properly enforce libxslt security settings. This could allow a remote attacker to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. (CVE-2012-0057) It was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788) It was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent a SQL injection. (CVE-2012-0831) USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job for PHP allowed local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Emese Revfy discovered that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This update corrects the issue. We apologize for the error. (CVE-2011-0441). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57932
    published 2012-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57932
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120202_PHP53_ON_SL5_X.NASL
    description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released in a previous update for php53) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61237
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61237
    title Scientific Linux Security Update : php53 on SL5.x i386/x86_64
  • NASL family CGI abuses
    NASL id PHP_5_3_9_ACE.NASL
    description The remote host is running a version of PHP that is affected by an arbitrary code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability (CVE-2011-4885) introduces a remote code execution vulnerability in the function 'php_register_variable_ex()' in the file 'php_variables.c'. A new configuration variable, 'max_input_vars', was added as a part of the fix. If the number of input variables exceeds this value and the variable being processed is an array, code execution can occur. Note that this script assumes the 'max_input_vars' parameter is set to the default value of 1000, and only runs if 'Report paranoia' is set to 'Paranoid', and 'Enable CGI scanning' is checked.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58039
    published 2012-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58039
    title PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0092.NASL
    description From Red Hat Security Advisory 2012:0092 : Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68448
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68448
    title Oracle Linux 5 : php53 (ELSA-2012-0092)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PHP5-8009.NASL
    description This update of php5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - denial of service via hash collisions. (CVE-2011-4885) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations. (CVE-2012-0781) - applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely. (CVE-2012-0788) - memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption). (CVE-2012-0789) - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables. (CVE-2012-0830) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 58480
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58480
    title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)
redhat via4
advisories
  • bugzilla
    id 786686
    title CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment php53 is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092002
        • comment php53 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196003
      • AND
        • comment php53-bcmath is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092040
        • comment php53-bcmath is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196015
      • AND
        • comment php53-cli is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092006
        • comment php53-cli is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196025
      • AND
        • comment php53-common is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092008
        • comment php53-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196023
      • AND
        • comment php53-dba is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092020
        • comment php53-dba is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196019
      • AND
        • comment php53-devel is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092042
        • comment php53-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196033
      • AND
        • comment php53-gd is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092004
        • comment php53-gd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196021
      • AND
        • comment php53-imap is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092024
        • comment php53-imap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196005
      • AND
        • comment php53-intl is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092038
        • comment php53-intl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196043
      • AND
        • comment php53-ldap is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092014
        • comment php53-ldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196031
      • AND
        • comment php53-mbstring is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092012
        • comment php53-mbstring is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196029
      • AND
        • comment php53-mysql is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092016
        • comment php53-mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196013
      • AND
        • comment php53-odbc is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092022
        • comment php53-odbc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196037
      • AND
        • comment php53-pdo is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092028
        • comment php53-pdo is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196011
      • AND
        • comment php53-pgsql is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092026
        • comment php53-pgsql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196007
      • AND
        • comment php53-process is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092018
        • comment php53-process is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196027
      • AND
        • comment php53-pspell is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092030
        • comment php53-pspell is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196039
      • AND
        • comment php53-snmp is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092010
        • comment php53-snmp is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196009
      • AND
        • comment php53-soap is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092032
        • comment php53-soap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196041
      • AND
        • comment php53-xml is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092036
        • comment php53-xml is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196035
      • AND
        • comment php53-xmlrpc is earlier than 0:5.3.3-1.el5_7.6
          oval oval:com.redhat.rhsa:tst:20120092034
        • comment php53-xmlrpc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110196017
    rhsa
    id RHSA-2012:0092
    released 2012-02-02
    severity Critical
    title RHSA-2012:0092: php53 security update (Critical)
  • bugzilla
    id 786686
    title CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment php is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093002
          • comment php is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730003
        • AND
          • comment php-devel is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093028
          • comment php-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730007
        • AND
          • comment php-domxml is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093020
          • comment php-domxml is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730021
        • AND
          • comment php-gd is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093012
          • comment php-gd is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730032
        • AND
          • comment php-imap is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093026
          • comment php-imap is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730009
        • AND
          • comment php-ldap is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093008
          • comment php-ldap is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730015
        • AND
          • comment php-mbstring is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093016
          • comment php-mbstring is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730025
        • AND
          • comment php-mysql is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093006
          • comment php-mysql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730005
        • AND
          • comment php-ncurses is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093014
          • comment php-ncurses is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730027
        • AND
          • comment php-odbc is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093010
          • comment php-odbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730013
        • AND
          • comment php-pear is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093024
          • comment php-pear is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730035
        • AND
          • comment php-pgsql is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093022
          • comment php-pgsql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730011
        • AND
          • comment php-snmp is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093004
          • comment php-snmp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730023
        • AND
          • comment php-xmlrpc is earlier than 0:4.3.9-3.36
            oval oval:com.redhat.rhsa:tst:20120093018
          • comment php-xmlrpc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060730019
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment php is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093031
          • comment php is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082003
        • AND
          • comment php-bcmath is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093057
          • comment php-bcmath is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082011
        • AND
          • comment php-cli is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093055
          • comment php-cli is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082019
        • AND
          • comment php-common is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093059
          • comment php-common is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082009
        • AND
          • comment php-dba is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093035
          • comment php-dba is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082007
        • AND
          • comment php-devel is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093063
          • comment php-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082021
        • AND
          • comment php-gd is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093039
          • comment php-gd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082035
        • AND
          • comment php-imap is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093061
          • comment php-imap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082031
        • AND
          • comment php-ldap is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093047
          • comment php-ldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082029
        • AND
          • comment php-mbstring is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093065
          • comment php-mbstring is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082033
        • AND
          • comment php-mysql is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093049
          • comment php-mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082025
        • AND
          • comment php-ncurses is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093041
          • comment php-ncurses is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082013
        • AND
          • comment php-odbc is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093043
          • comment php-odbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082037
        • AND
          • comment php-pdo is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093037
          • comment php-pdo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082027
        • AND
          • comment php-pgsql is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093067
          • comment php-pgsql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082023
        • AND
          • comment php-snmp is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093033
          • comment php-snmp is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082017
        • AND
          • comment php-soap is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093053
          • comment php-soap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082015
        • AND
          • comment php-xml is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093045
          • comment php-xml is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082039
        • AND
          • comment php-xmlrpc is earlier than 0:5.1.6-27.el5_7.5
            oval oval:com.redhat.rhsa:tst:20120093051
          • comment php-xmlrpc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070082005
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment php is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093073
          • comment php is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195006
        • AND
          • comment php-bcmath is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093119
          • comment php-bcmath is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195048
        • AND
          • comment php-cli is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093101
          • comment php-cli is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195044
        • AND
          • comment php-common is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093121
          • comment php-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195010
        • AND
          • comment php-dba is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093075
          • comment php-dba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195054
        • AND
          • comment php-devel is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093099
          • comment php-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195032
        • AND
          • comment php-embedded is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093111
          • comment php-embedded is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195038
        • AND
          • comment php-enchant is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093083
          • comment php-enchant is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195026
        • AND
          • comment php-gd is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093105
          • comment php-gd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195056
        • AND
          • comment php-imap is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093079
          • comment php-imap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195040
        • AND
          • comment php-intl is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093109
          • comment php-intl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195030
        • AND
          • comment php-ldap is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093085
          • comment php-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195046
        • AND
          • comment php-mbstring is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093087
          • comment php-mbstring is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195042
        • AND
          • comment php-mysql is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093077
          • comment php-mysql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195008
        • AND
          • comment php-odbc is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093081
          • comment php-odbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195020
        • AND
          • comment php-pdo is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093117
          • comment php-pdo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195018
        • AND
          • comment php-pgsql is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093103
          • comment php-pgsql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195014
        • AND
          • comment php-process is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093091
          • comment php-process is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195016
        • AND
          • comment php-pspell is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093107
          • comment php-pspell is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195028
        • AND
          • comment php-recode is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093093
          • comment php-recode is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195050
        • AND
          • comment php-snmp is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093123
          • comment php-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195036
        • AND
          • comment php-soap is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093097
          • comment php-soap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195024
        • AND
          • comment php-tidy is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093115
          • comment php-tidy is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195012
        • AND
          • comment php-xml is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093089
          • comment php-xml is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195022
        • AND
          • comment php-xmlrpc is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093113
          • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195052
        • AND
          • comment php-zts is earlier than 0:5.3.3-3.el6_2.6
            oval oval:com.redhat.rhsa:tst:20120093095
          • comment php-zts is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195034
    rhsa
    id RHSA-2012:0093
    released 2012-02-02
    severity Critical
    title RHSA-2012:0093: php security update (Critical)
rpms
  • php53-0:5.3.3-1.el5_7.6
  • php53-bcmath-0:5.3.3-1.el5_7.6
  • php53-cli-0:5.3.3-1.el5_7.6
  • php53-common-0:5.3.3-1.el5_7.6
  • php53-dba-0:5.3.3-1.el5_7.6
  • php53-devel-0:5.3.3-1.el5_7.6
  • php53-gd-0:5.3.3-1.el5_7.6
  • php53-imap-0:5.3.3-1.el5_7.6
  • php53-intl-0:5.3.3-1.el5_7.6
  • php53-ldap-0:5.3.3-1.el5_7.6
  • php53-mbstring-0:5.3.3-1.el5_7.6
  • php53-mysql-0:5.3.3-1.el5_7.6
  • php53-odbc-0:5.3.3-1.el5_7.6
  • php53-pdo-0:5.3.3-1.el5_7.6
  • php53-pgsql-0:5.3.3-1.el5_7.6
  • php53-process-0:5.3.3-1.el5_7.6
  • php53-pspell-0:5.3.3-1.el5_7.6
  • php53-snmp-0:5.3.3-1.el5_7.6
  • php53-soap-0:5.3.3-1.el5_7.6
  • php53-xml-0:5.3.3-1.el5_7.6
  • php53-xmlrpc-0:5.3.3-1.el5_7.6
  • php-0:4.3.9-3.36
  • php-devel-0:4.3.9-3.36
  • php-domxml-0:4.3.9-3.36
  • php-gd-0:4.3.9-3.36
  • php-imap-0:4.3.9-3.36
  • php-ldap-0:4.3.9-3.36
  • php-mbstring-0:4.3.9-3.36
  • php-mysql-0:4.3.9-3.36
  • php-ncurses-0:4.3.9-3.36
  • php-odbc-0:4.3.9-3.36
  • php-pear-0:4.3.9-3.36
  • php-pgsql-0:4.3.9-3.36
  • php-snmp-0:4.3.9-3.36
  • php-xmlrpc-0:4.3.9-3.36
  • php-0:5.1.6-27.el5_7.5
  • php-bcmath-0:5.1.6-27.el5_7.5
  • php-cli-0:5.1.6-27.el5_7.5
  • php-common-0:5.1.6-27.el5_7.5
  • php-dba-0:5.1.6-27.el5_7.5
  • php-devel-0:5.1.6-27.el5_7.5
  • php-gd-0:5.1.6-27.el5_7.5
  • php-imap-0:5.1.6-27.el5_7.5
  • php-ldap-0:5.1.6-27.el5_7.5
  • php-mbstring-0:5.1.6-27.el5_7.5
  • php-mysql-0:5.1.6-27.el5_7.5
  • php-ncurses-0:5.1.6-27.el5_7.5
  • php-odbc-0:5.1.6-27.el5_7.5
  • php-pdo-0:5.1.6-27.el5_7.5
  • php-pgsql-0:5.1.6-27.el5_7.5
  • php-snmp-0:5.1.6-27.el5_7.5
  • php-soap-0:5.1.6-27.el5_7.5
  • php-xml-0:5.1.6-27.el5_7.5
  • php-xmlrpc-0:5.1.6-27.el5_7.5
  • php-0:5.3.3-3.el6_2.6
  • php-bcmath-0:5.3.3-3.el6_2.6
  • php-cli-0:5.3.3-3.el6_2.6
  • php-common-0:5.3.3-3.el6_2.6
  • php-dba-0:5.3.3-3.el6_2.6
  • php-devel-0:5.3.3-3.el6_2.6
  • php-embedded-0:5.3.3-3.el6_2.6
  • php-enchant-0:5.3.3-3.el6_2.6
  • php-gd-0:5.3.3-3.el6_2.6
  • php-imap-0:5.3.3-3.el6_2.6
  • php-intl-0:5.3.3-3.el6_2.6
  • php-ldap-0:5.3.3-3.el6_2.6
  • php-mbstring-0:5.3.3-3.el6_2.6
  • php-mysql-0:5.3.3-3.el6_2.6
  • php-odbc-0:5.3.3-3.el6_2.6
  • php-pdo-0:5.3.3-3.el6_2.6
  • php-pgsql-0:5.3.3-3.el6_2.6
  • php-process-0:5.3.3-3.el6_2.6
  • php-pspell-0:5.3.3-3.el6_2.6
  • php-recode-0:5.3.3-3.el6_2.6
  • php-snmp-0:5.3.3-3.el6_2.6
  • php-soap-0:5.3.3-3.el6_2.6
  • php-tidy-0:5.3.3-3.el6_2.6
  • php-xml-0:5.3.3-3.el6_2.6
  • php-xmlrpc-0:5.3.3-3.el6_2.6
  • php-zts-0:5.3.3-3.el6_2.6
refmap via4
apple APPLE-SA-2012-05-09-1
bid 51830
confirm
debian DSA-2403
hp
  • HPSBMU02786
  • HPSBUX02791
  • SSRT100856
  • SSRT100877
misc
mlist
  • [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix
  • [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix
osvdb 78819
sectrack 1026631
secunia
  • 47801
  • 47806
  • 47813
  • 48668
suse
  • SUSE-SU-2012:0411
  • openSUSE-SU-2012:0426
xf php-phpregistervariableex-code-exec(72911)
Last major update 21-07-2012 - 23:34
Published 06-02-2012 - 15:55
Last modified 08-01-2018 - 21:29