Multiple PHP vulnerabilities


PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products:

* [CVE-2006-7243](<https://vulners.com/cve/CVE-2006-7243>) PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
* [CVE-2007-3799](<https://vulners.com/cve/CVE-2007-3799>) The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
* [CVE-2010-3710](<https://vulners.com/cve/CVE-2010-3710>) Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
* [CVE-2010-3870](<https://vulners.com/cve/CVE-2010-3870>) The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
* [CVE-2010-4697](<https://vulners.com/cve/CVE-2010-4697>) Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.
* [CVE-2011-1470](<https://vulners.com/cve/CVE-2011-1470>) The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.
* [CVE-2011-3182](<https://vulners.com/cve/CVE-2011-3182>) PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
* [CVE-2011-3267](<https://vulners.com/cve/CVE-2011-3267>) PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
* [CVE-2011-3268](<https://vulners.com/cve/CVE-2011-3268>) Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
* [CVE-2011-4566](<https://vulners.com/cve/CVE-2011-4566>) Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
* [CVE-2012-0830](<https://vulners.com/cve/CVE-2012-0830>) The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Impact

Local vulnerabilities are exploitable only by an authenticated user accessing the system using the administrative interface. For potential impact for each vulnerability, refer to the CVE details.
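The CVE-2010-3870 entry above turns on non-shortest-form and ill-formed UTF-8 being accepted by the decoder. The following is an added example, not code from this advisory, F5 or PHP: a strict well-formedness check (per the Unicode Standard's table of well-formed UTF-8 byte sequences) that an application can run on raw input before decoding or filtering it. It is written in Python for illustration; the function names and sample byte strings are constructed.

```python
# Added example: strict UTF-8 well-formedness check (Unicode Standard, Table 3-7).
# Names and sample byte strings are constructed for illustration.

# (lead byte low, lead byte high, 2nd byte low, 2nd byte high, continuation count)
_RULES = [
    (0xC2, 0xDF, 0x80, 0xBF, 1),   # C0/C1 absent: they only form non-shortest forms
    (0xE0, 0xE0, 0xA0, 0xBF, 2),   # 2nd byte >= A0 excludes non-shortest 3-byte forms
    (0xE1, 0xEC, 0x80, 0xBF, 2),
    (0xED, 0xED, 0x80, 0x9F, 2),   # 2nd byte <= 9F excludes UTF-16 surrogates
    (0xEE, 0xEF, 0x80, 0xBF, 2),
    (0xF0, 0xF0, 0x90, 0xBF, 3),   # 2nd byte >= 90 excludes non-shortest 4-byte forms
    (0xF1, 0xF3, 0x80, 0xBF, 3),
    (0xF4, 0xF4, 0x80, 0x8F, 3),   # 2nd byte <= 8F caps the range at U+10FFFF
]

def first_ill_formed(data: bytes) -> int:
    """Return the offset of the first ill-formed sequence, or -1 if well formed."""
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                       # plain ASCII
            i += 1
            continue
        rule = next((r for r in _RULES if r[0] <= b <= r[1]), None)
        if rule is None:                   # C0, C1, F5..FF or a stray continuation byte
            return i
        _, _, lo, hi, cont = rule
        if i + cont >= n:                  # sequence truncated at end of input
            return i
        if not lo <= data[i + 1] <= hi:    # restricted second byte (see table)
            return i
        if any(not 0x80 <= c <= 0xBF for c in data[i + 2:i + 1 + cont]):
            return i
        i += 1 + cont
    return -1

def safe_decode(data: bytes) -> str:
    """Decode only well-formed input; reject rather than repair anything else."""
    pos = first_ill_formed(data)
    if pos != -1:
        raise ValueError(f"ill-formed UTF-8 at byte offset {pos}")
    return data.decode("utf-8")

if __name__ == "__main__":
    # Constructed samples: valid text, non-shortest form of U+003C, truncated sequence.
    for sample in (b"caf\xc3\xa9", b"a\xc0\xbc", b"ab\xe2\x82"):
        print(sample, first_ill_formed(sample))
```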

Affected Software

| Name | Version |
| --- | --- |
| big-ip ltm | 11.1.0 |
| big-ip gtm | 11.1.0 |
| big-ip asm | 11.1.0 |
| big-ip link controller | 11.1.0 |
| big-ip psm | 11.1.0 |
| big-ip wom | 11.1.0 |
| big-ip apm | 11.1.0 |
| big-ip edge gateway | 11.1.0 |
| big-ip analytics | 11.1.0 |
| firepass | 7.x |