K15903 : Multiple PHP vulnerabilities

Security Advisory Description

Description

• CVE-2012-3365

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

• CVE-2012-2329

Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.

• CVE-2011-1938

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

• CVE-2012-2143

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

• CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

• CVE-2010-2950

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.

Impact

None. No F5 products are affected by these vulnerabilities.

Status

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product	Versions known to be vulnerable	Versions known to be not vulnerable	Vulnerable component or feature
BIG-IP LTM	None
11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP AAM	None	11.4.0 - 11.6.0
None
BIG-IP AFM	None	11.3.0 - 11.6.0
None
BIG-IP Analytics	None	11.0.0 - 11.6.0
None
BIG-IP APM	None	11.0.0 - 11.6.0
10.1.0 - 10.2.4
None
BIG-IP ASM	None	11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP Edge Gateway
None	11.0.0 - 11.3.0
10.1.0 - 10.2.4
None
BIG-IP GTM	None	11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP Link Controller	None
11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP PEM	None
11.3.0 - 11.6.0
None
BIG-IP PSM	None	11.0.0 - 11.4.1
10.0.0 - 10.2.4
None
BIG-IP WebAccelerator	None	11.0.0 - 11.3.0
10.0.0 - 10.2.4
None
BIG-IP WOM	None	11.0.0 - 11.3.0
10.0.0 - 10.2.4
None
ARX	None	6.0.0 - 6.4.0
None
Enterprise Manager	None	3.0.0 - 3.1.1
2.1.0 - 2.3.0
None
FirePass	None	7.0.0
6.0.0 - 6.1.0
None
BIG-IQ Cloud	None
4.0.0 - 4.4.0
None
BIG-IQ Device	None
4.2.0 - 4.4.0
None
BIG-IQ Security	None
4.0.0 - 4.4.0
None
LineRate	None	2.2.0 - 2.5.0
1.6.0 - 1.6.4	None
WebSafe	None	1.0.0	None

Recommended action

None

Supplemental Information

• K9970: Subscribing to email notifications regarding F5 products
• K9957: Creating a custom RSS feed to view new and updated documents.
• K4602: Overview of the F5 security vulnerability response policy
• K4918: Overview of the F5 critical issue hotfix policy
• K167: Downloading software and firmware from F5