Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1019

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1019
Last Modified 16 Mar 2015 09:59:15
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1019

Summary

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Vulnerable Systems

Operating System

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Openpkg 2.1

  • Openpkg 2.2

  • Openpkg Current

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2


References

REDHAT - RHSA-2004:687

FEDORA - FLSA:2344

XF - php-unserialize-code-execution(18514)

HP - HPSBMA01212

REDHAT - RHSA-2005:816

REDHAT - RHSA-2005:032

CONFIRM - http://www.php.net/release_4_3_10.php

SUSE - SUSE-SA:2005:002

MANDRAKE - MDKSA-2004:151

MISC - http://www.hardened-php.net/advisories/012004.txt

OPENPKG - OpenPKG-SA-2004.053

BUGTRAQ - 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5

SUSE - openSUSE-SU-2015:0325

SUSE - SUSE-SU-2015:0365


Last Updated: 27 May 2016 11:08:06