Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:13706
[Eng]
Version
9
Class
patch
ALTXid
27742
Language
Russian
Severity
NotAvailable
Title
Обновление USN-862-1 -- уязвимости php5
Description
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. It was discovered that PHP"s php_openssl_apply_verification_policy function did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service. ATTENTION: This update changes previous PHP behaviour by limiting the number of files in a POST request to 50. This may be increased by adding a "max_file_uploads" directive to the php.ini configuration file. It was discovered that PHP did not properly enforce restrictions in the proc_open function. An attacker could exploit this issue to bypass safe_mode_protected_env_vars restrictions and possibly execute arbitrary code with application privileges
Family
unix
Platform
Ubuntu 6.06
Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
Product
php5
Reference
VENDOR: USN-862-1
VENDOR: USN-862-1
Id:
USN-862-1
Reference:
https://usn.ubuntu.com/usn/usn-862-1
CVE: CVE-2009-4018
CVE: CVE-2009-4018
Id:
CVE-2009-4018
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018
Comment
: The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://bugs.php.net/bug.php?id=49026 (CONFIRM)
SSRT100152 (HP)
[oss-security] 20091122 Re: CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update] (MLIST)
40262 (SECUNIA)
41480 (SECUNIA)
41490 (SECUNIA)
http://svn.php.net/viewvc/?view=revision&revision=286360 (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360 (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360 (CONFIRM)
SSRT100219 (HP)
MDVSA-2009:303 (MANDRIVA)
[oss-security] 20091123 Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026 [was: Re: CVE request: php 5.3.1 update] (MLIST)
http://www.php.net/ChangeLog-5.php (CONFIRM)
37138 (BID)
oval:org.mitre.oval:def:7256 (OVAL)
CVE: CVE-2009-4017
CVE: CVE-2009-4017
Id:
CVE-2009-4017
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
Comment
: PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
http://www.php.net/ChangeLog-5.php (CONFIRM)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
20091120 PHP "multipart/form-data" denial of service (FULLDISC)
[php-announce] 20091119 5.3.1 Release announcement (MLIST)
http://www.php.net/releases/5_3_1.php (CONFIRM)
[oss-security] 20091120 CVE request: php 5.3.1 update (MLIST)
37482 (SECUNIA)
MDVSA-2009:305 (MANDRIVA)
DSA-1940 (DEBIAN)
MDVSA-2009:303 (MANDRIVA)
37821 (SECUNIA)
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/ (MISC)
http://www.php.net/releases/5_2_12.php (CONFIRM)
ADV-2009-3593 (VUPEN)
APPLE-SA-2010-03-29-1 (APPLE)
http://support.apple.com/kb/HT4077 (CONFIRM)
40262 (SECUNIA)
HPSBUX02543 (HP)
41490 (SECUNIA)
HPSBMA02568 (HP)
41480 (SECUNIA)
php-multipart-formdata-dos(54455) (XF)
oval:org.mitre.oval:def:6667 (OVAL)
oval:org.mitre.oval:def:10483 (OVAL)
20091120 PHP "multipart/form-data" denial of service (BUGTRAQ)
CVE: CVE-2009-3558
CVE: CVE-2009-3558
Id:
CVE-2009-3558
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
Comment
: The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
APPLE-SA-2010-03-29-1 (APPLE)
[php-announce] 20091119 5.3.1 Release announcement (MLIST)
37412 (SECUNIA)
37821 (SECUNIA)
6600 (SREASON)
http://support.apple.com/kb/HT4077 (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log (CONFIRM)
http://svn.php.net/viewvc?view=revision&revision=288943 (CONFIRM)
MDVSA-2009:285 (MANDRIVA)
MDVSA-2009:302 (MANDRIVA)
MDVSA-2009:303 (MANDRIVA)
[oss-security] 20091120 CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
http://www.php.net/ChangeLog-5.php (CONFIRM)
http://www.php.net/releases/5_2_12.php (CONFIRM)
http://www.php.net/releases/5_3_1.php (CONFIRM)
ADV-2009-3593 (VUPEN)
CVE: CVE-2009-3557
CVE: CVE-2009-3557
Id:
CVE-2009-3557
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
Comment
: The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
APPLE-SA-2010-03-29-1 (APPLE)
SSRT100152 (HP)
[php-announce] 20091119 5.3.1 Release announcement (MLIST)
37412 (SECUNIA)
37821 (SECUNIA)
40262 (SECUNIA)
6601 (SREASON)
http://support.apple.com/kb/HT4077 (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log (CONFIRM)
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log (CONFIRM)
http://svn.php.net/viewvc?view=revision&revision=288945 (CONFIRM)
MDVSA-2009:285 (MANDRIVA)
MDVSA-2009:302 (MANDRIVA)
MDVSA-2009:303 (MANDRIVA)
[oss-security] 20091120 CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
http://www.php.net/ChangeLog-5.php (CONFIRM)
http://www.php.net/releases/5_2_12.php (CONFIRM)
http://www.php.net/releases/5_3_1.php (CONFIRM)
ADV-2009-3593 (VUPEN)
oval:org.mitre.oval:def:7396 (OVAL)
CVE: CVE-2009-3292
CVE: CVE-2009-3292
Id:
CVE-2009-3292
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
Comment
: Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
APPLE-SA-2009-11-09-1 (APPLE)
SUSE-SR:2009:017 (SUSE)
HPSBUX02543 (HP)
HPSBOV02683 (HP)
[php-announce] 20091119 5.3.1 Release announcement (MLIST)
36791 (SECUNIA)
37412 (SECUNIA)
37482 (SECUNIA)
40262 (SECUNIA)
http://support.apple.com/kb/HT3937 (CONFIRM)
DSA-1940 (DEBIAN)
MDVSA-2009:302 (MANDRIVA)
[oss-security] 20091120 CVE request: php 5.3.1 update (MLIST)
[oss-security] 20091120 Re: CVE request: php 5.3.1 update (MLIST)
58186 (OSVDB)
http://www.php.net/ChangeLog-5.php (CONFIRM)
http://www.php.net/ChangeLog-5.php#5.2.11 (CONFIRM)
http://www.php.net/releases/5_2_11.php (CONFIRM)
http://www.php.net/releases/5_3_1.php (CONFIRM)
1022914 (SECTRACK)
ADV-2009-3184 (VUPEN)
oval:org.mitre.oval:def:7652 (OVAL)
oval:org.mitre.oval:def:9982 (OVAL)
CVE: CVE-2009-3291
CVE: CVE-2009-3291
Id:
CVE-2009-3291
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
Comment
: The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
20 (Improper Input Validation)
References:
APPLE-SA-2009-11-09-1 (APPLE)
SUSE-SR:2009:017 (SUSE)
SSRT100152 (HP)
HPSBOV02683 (HP)
36791 (SECUNIA)
37482 (SECUNIA)
40262 (SECUNIA)
http://support.apple.com/kb/HT3937 (CONFIRM)
DSA-1940 (DEBIAN)
58185 (OSVDB)
http://www.php.net/ChangeLog-5.php#5.2.11 (CONFIRM)
http://www.php.net/releases/5_2_11.php (CONFIRM)
1022914 (SECTRACK)
ADV-2009-3184 (VUPEN)
php-certificate-unspecified(53334) (XF)
oval:org.mitre.oval:def:10438 (OVAL)
oval:org.mitre.oval:def:7394 (OVAL)
CVE: CVE-2008-7068
CVE: CVE-2008-7068
Id:
CVE-2008-7068
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068
Comment
: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE:
20 (Improper Input Validation)
References:
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314& (CONFIRM)
20081127 PHP 5.2.6 dba_replace() destroying file (SREASONRES)
52206 (OSVDB)
20081127 SecurityReason : PHP 5.2.6 dba_replace() destroying file (BUGTRAQ)
20081206 Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file (BUGTRAQ)
20081206 Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file (BUGTRAQ)
php-dbareplace-file-corruption(47316) (XF)
Content available only for registered users!
ovaldb@altx-soft.com