Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4153

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4153
Last Modified 21 Jul 2012 11:31:24
Published 18 Jan 2012 03:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4153

Summary

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Vulnerable Systems

Application

  • Php 5.3.8


References

EXPLOIT-DB - 18370

MISC - http://cxsecurity.com/research/103

BUGTRAQ - 20120114 PHP 5.3.8 Multiple vulnerabilities

SECUNIA - 48668

SUSE - openSUSE-SU-2012:0426

HP - HPSBMU02786

HP - SSRT100877

HP - HPSBUX02791

HP - SSRT100856

Related Patches

Red Hat 2012:1045-01 RHSA Moderate: php security update for RHEL 5 x86

Red Hat 2012:1045-01 RHSA Moderate: php security update for RHEL 5 x86_64

Red Hat 2012:1047-01 RHSA Moderate: php53 security update for RHEL 5 x86

Red Hat 2012:1047-01 RHSA Moderate: php53 security update for RHEL 5 x86_64

Novell SUSE 2012:5958 apache2-mod_php53 security update for SLES 11 SP2 i586

Novell SUSE 2012:5958 apache2-mod_php53 security update for SLES 11 SP2 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 i586

Novell SUSE 2012:8009 apache2-mod_php5 security update for SLES 10 SP4 i586

Novell SUSE 2012:8009 apache2-mod_php5 security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:04