CVE-2011-3267
https://notcve.org/view.php?id=CVE-2011-3267
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. PHP antes de v5.3.7 no aplica correctamente la función error_log, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/74739 http://support.apple.com/kb/HT5130 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.php.net/ChangeLog-5.php#5.3.7 http://www.php.net/archive/2011.php#id2011-08-18-1 http://www.securityfocus.com/bid/49241 https://exchange.xforce.ibmcloud.com/vulnerabilities/69428 • CWE-399: Resource Management Errors •
CVE-2011-3189
https://notcve.org/view.php?id=CVE-2011-3189
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. La función de cifrado en PHP v5.3.7, cuando el tipo de hash MD5 se utiliza, se devuelve el valor del argumento en vez de la cadena hash, lo que podría permitir a atacantes remotos evitar la autenticación a través de una contraseña arbitraria, una vulnerabilidad diferente a CVE-2011-2483. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/74726 http://secunia.com/advisories/45678 http://support.apple.com/kb/HT5130 http://www.openwall.com/lists/oss-security/2011/08/23/4 http://www.php.net/ChangeLog-5.php#5.3.8 http://www.php.net/archive/2011.php#id2011-08-23-1 https://bugs.gentoo.org/show_bug.cgi?id=380261 https://bugs.php.net/bug.php?id=55439 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-310: Cryptographic Issues •
CVE-2011-3182 – PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3182
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. PHP anterior a 5.3.7 no comprueba correctamente valores de retorno en las funciones malloc, calloc, y realloc, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (desreferenciar un puntero NULL y caída de la aplicación) o provocar un desbordamiento de búfer elevando la abilidad de proporcionar un valor de su elección para un argumento de una función, relacionado con (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, y (11) la función strtotime. • https://www.exploit-db.com/exploits/36070 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://marc.info/?l=full-disclosure&m=131373057621672&w=2 http://securityreason.com/achievement_securityalert/101 http://support.apple.com/kb/HT5130 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.openwall.com/lists/oss-security/2011/08/22/9 http://www.securityfocus.com/bid/49249 https://exchange.xforce.ibmcloud.com/vulnerabilities/69430 •
CVE-2011-2483 – crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
https://notcve.org/view.php?id=CVE-2011-2483
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. crypt_blowfish en versiones anteriores a 1.1, como se utiliza en PHP en versiones anteriores a 5.3.7 en ciertas plataformas, PostgreSQL en versiones anteriores a 8.4.9 y otros productos, no maneja adecuadamente caracteres de 8-bit, lo que hace más fácil a atacantes dependientes de contexto determinar una contraseña en texto plano aprovechando el conocimiento del hash de una contraseña. • http://freshmeat.net/projects/crypt_blowfish http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html http://php.net/security/crypt_blowfish http://support.apple.com/kb/HT5130 http://www.debian.org/security/2011/dsa-2340 http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 • CWE-310: Cryptographic Issues •
CVE-2011-1657
https://notcve.org/view.php?id=CVE-2011-1657
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND. Las funciones (1) ZipArchive::addGlob y (2) ZipArchive::addPattern en ext/zip/php_zip.c en PHP v5.3.6 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de la aplicación) a través de ciertos argumentos bandera, como se demostró por (a) GLOB_ALTDIRFUNC y (b) GLOB_APPEND. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://securityreason.com/achievement_securityalert/100 http://securityreason.com/securityalert/8342 http://support.apple.com/kb/HT5130 http://svn.php.net/viewvc/?view=revision&revision=310814 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.openwall.com/lists/oss-security/2011/07/01/6 http: • CWE-399: Resource Management Errors •