Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-0830
Last Modified: 21 Jul 2012 11:34:57
Published: 06 Feb 2012 03:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-0830

Summary

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Vulnerable Systems

Application

  • PHP 5.3.9


References

MISC - https://gist.github.com/1725489

XF - php-phpregistervariableex-code-exec(72911)

BID - 51830

CONFIRM - http://www.php.net/ChangeLog-5.php#5.3.10

OSVDB - 78819

MISC - http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html

MISC - http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

CONFIRM - http://svn.php.net/viewvc?view=revision&revision=323007

SECTRACK - 1026631

SECUNIA - 47806

MLIST - [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix

MLIST - [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix

DEBIAN - DSA-2403

SECUNIA - 47813

SECUNIA - 47801

REDHAT - RHSA-2012:0092

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

SECUNIA - 48668

SUSE - openSUSE-SU-2012:0426

HP - HPSBMU02786

HP - SSRT100877

HP - HPSBUX02791

HP - SSRT100856

Related Patches

Apple 2012-05-09 Mac OS X 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X 10.7.4 Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Update

Red Hat 2012:0092-01 RHSA Critical: php53 security update for RHEL 5 x86

Red Hat 2012:0092-01 RHSA Critical: php53 security update for RHEL 5 x86_64

Red Hat 2012:0093-01 RHSA Critical: php security update for RHEL 5 x86

Red Hat 2012:0093-01 RHSA Critical: php security update for RHEL 4 x86

Red Hat 2012:0093-01 RHSA Critical: php security update for RHEL 4 x86_64

Red Hat 2012:0093-01 RHSA Critical: php security update for RHEL 5 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 x86_64

Novell SUSE 2012:5964 apache2-mod_php5 security update for SLES 11 SP1 i586

Novell SUSE 2012:8009 apache2-mod_php5 security update for SLES 10 SP4 i586

Novell SUSE 2012:8009 apache2-mod_php5 security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:36