CVE-2011-0421 – PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. La función _zip_name_locate en zip_name_locate.c en la extensión Zip en PHP en versiones anteriores a 5.3.6 no maneja adecuadamente un argumento ZIPARCHIVE::FL_UNCHANGED, lo que podría permitir a atacantes dependientes del contexto provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo ZIP vacío que es procesado con una operación (1) locateName or (2) statName. libzip version 0.9.3 allows remote and local attackers to trigger a denial of service condition via a null pointer dereference if ZIP_FL_UNCHANGED flag is set. • https://www.exploit-db.com/exploits/17004 http://bugs.php.net/bug.php?id=53885 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://marc.info/?l= •
CVE-2011-1148 – php: use-after-free vulnerability in substr_replace()
https://notcve.org/view.php?id=CVE-2011-1148
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. Vulnerabilidad de uso después de la liberación en la función substr_replace en PHP v5.3.6 y anteriores, permite a atacantes remotos producir una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto utilizando la misma variable para múltiples argumentos. • http://bugs.php.net/bug.php?id=54238 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011/03/13/2 http://openwall.com/lists/oss-security/2011/03/13/3 http://openwall.com/lists/oss-security/2011/03/13/9 http://support.apple.com/kb/HT5130 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.php.net/ChangeLog-5.php#5& • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2011-1153
https://notcve.org/view.php?id=CVE-2011-1153
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. Múltiples vulnerabilidades de formato de cadena en phar_object.c en la extensión phar en PHP v5.3.5 y anteriores, permite a atacantes dependiendo del contexto, obtener información sensible de los procesos de memoria, provocar una denegación de servicio (corrupción de memoria), o posiblemente ejecutar código arbitrario a través de las especificaciones de cadena en el argumento del método de class, anterior a una llamada zend_throw_exception_ex incorrecta. • http://bugs.php.net/bug.php?id=54247 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://openwall.com/lists/oss-security/2011/03/14/13 http://openwall.com/lists/oss-security/2011/03/14/14 http://openwall.com/list • CWE-134: Use of Externally-Controlled Format String •
CVE-2011-1092 – PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2011-1092
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Desbordamiento de entero en ext/shmop/shmop.c en PHP antes de v5.3.6, permite a usuarios locales o remotos provocar una denegación de servicio (caida) y posiblemente leer información sensible de la memoria a través de largos argumentos en la funcion shmop_read • https://www.exploit-db.com/exploits/16966 http://bugs.php.net/bug.php?id=54193 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://securityreason.com/securityalert/8130 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 http://www.exploit-db.com/exploits/16966 http://www.mandriva.com/secur • CWE-189: Numeric Errors •
CVE-2011-0708 – PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. exif.c en la extensión Exif en PHP anterior a v5.3.6 en plataformas de 64 bits realiza una asociación incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una imagen con una Image File Directory (IFD) que provoca una sobre lectura del búfer. PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function. • https://www.exploit-db.com/exploits/16261 http://bugs.php.net/bug.php?id=54002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •