CVE-2011-1092 – PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2011-1092
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. • https://www.exploit-db.com/exploits/16966 http://bugs.php.net/bug.php?id=54193 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://securityreason.com/securityalert/8130 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 http://www.mandriva.com/secur • CWE-189: Numeric Errors •
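The bug class above is a wrapped bounds check: the range test on the third argument (the byte count) is done with an addition that can overflow, so a huge count compares as "in range" and the copy that follows reads past the segment. The C below is an added model of that check, not code from PHP or from this page: shmop_check_vulnerable follows the pre-5.3.6 shape of the test, shmop_check_fixed follows the shape of the 5.3.6 change (an explicit overflow guard before the size comparison). The segment size, the LONG_MAX bound and the wrap helper are assumptions for the demo; the real before/after code is in the linked svn diff.

```c
/*
 * Added example: a model of the shmop_read() bounds check before and
 * after the PHP 5.3.6 fix for CVE-2011-1092. Not PHP's own code.
 *
 * Pre-fix, the check is essentially "start + count > size". With
 * count near LONG_MAX the sum wraps negative, the test passes, and the
 * subsequent memcpy reads far outside the shared-memory segment.
 * Post-fix, overflow is ruled out before the size comparison.
 */
#include <limits.h>
#include <stdio.h>

/* Two's-complement wraparound made explicit, so this demo does not
 * depend on undefined signed-overflow behaviour (assumption: long is
 * the zend long type, 64 bits on LP64 platforms). */
static long wrap_add(long a, long b)
{
    return (long)((unsigned long)a + (unsigned long)b);
}

/* Pre-5.3.6 shape: returns 1 if the read would be allowed. */
int shmop_check_vulnerable(long size, long start, long count)
{
    if (start < 0 || start > size)
        return 0;                          /* "start is out of range" */
    if (count < 0 || wrap_add(start, count) > size)
        return 0;                          /* "count is out of range" */
    return 1;                              /* memcpy(addr + start, count) */
}

/* 5.3.6 shape: reject any count that would overflow before the
 * range comparison; only then is start + count evaluated. */
int shmop_check_fixed(long size, long start, long count)
{
    if (start < 0 || start > size)
        return 0;
    if (count < 0 || start > LONG_MAX - count || start + count > size)
        return 0;
    return 1;
}

int main(void)
{
    const long size = 100;  /* constructed segment size for the demo */
    const long huge = LONG_MAX;

    printf("start=1 count=LONG_MAX  vulnerable=%d fixed=%d\n",
           shmop_check_vulnerable(size, 1, huge),
           shmop_check_fixed(size, 1, huge));
    printf("start=10 count=90       vulnerable=%d fixed=%d\n",
           shmop_check_vulnerable(size, 10, 90),
           shmop_check_fixed(size, 10, 90));
    printf("start=10 count=91       vulnerable=%d fixed=%d\n",
           shmop_check_vulnerable(size, 10, 91),
           shmop_check_fixed(size, 10, 91));
    return 0;
}
```

The ordinary cases (count inside or just past the segment) are rejected or accepted identically by both versions; the difference only appears for a count large enough to wrap the sum, which is exactly the "large third argument" the advisory describes. The general rule when auditing such checks: compare against a remaining-space value (size - start) or guard the addition explicitly, never trust the sum of two attacker-influenced lengths.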
CVE-2011-0708 – PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-0708
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function. • https://www.exploit-db.com/exploits/16261 http://bugs.php.net/bug.php?id=54002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0420 – PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2011-0420
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. PHP version 5.3.5 suffers from a grapheme_extract() null pointer dereference vulnerability. • https://www.exploit-db.com/exploits/16182 https://www.exploit-db.com/exploits/35354 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://securityreason.com/achievement_securityalert/94 http://securityreason.com/securityalert/8087 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com& •
CVE-2011-0754
https://notcve.org/view.php?id=CVE-2011-0754
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to the lack of a FILE_ATTRIBUTE_REPARSE_POINT check. • http://bugs.php.net/51763 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65429 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2011-0752
https://notcve.org/view.php?id=CVE-2011-0752
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. • http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.openwall.com/lists/oss-security/2010/12/13/4 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65432 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016 • CWE-20: Improper Input Validation •