FreeBSD: 27D01223-C457-11DD-A721-0030843D3802
Dec 04, 2008 - 12:00 a.m.

php -- multiple vulnerabilities

2008-12-04 00:00:00
vuxml.freebsd.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.048 Low
Percentile: 92.5%

Secunia reports:

Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.

An input validation error exists within the
“ZipArchive::extractTo()” function when extracting ZIP archives.
This can be exploited to extract files to arbitrary locations
outside the specified directory via directory traversal sequences in
a specially crafted ZIP archive.

An error in the included PCRE library can be exploited to cause a
buffer overflow.

The problem is that the “BG(page_uid)” and “BG(page_gid)” variables
are not initialized. No further information is currently
available.

The problem is that the “php_value” order is incorrect for Apache
configurations. No further information is currently available.

An error in the GD library can be exploited to cause a crash via a
specially crafted font file.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | php5 | < 5.2.7 | UNKNOWN |
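
A pre-extraction check for the “ZipArchive::extractTo()” traversal issue described above, as an added example that is not part of the advisory or of PHP itself: it refuses archives whose entry names are absolute or climb above the extraction directory. The function name unsafeEntries(), the extraction directory name and the sample archive are assumptions constructed for illustration.

```php
<?php
// Added example: validate ZIP entry names before calling ZipArchive::extractTo().
// unsafeEntries() is a hypothetical helper, not a PHP built-in.

/** Return the entry names that would resolve outside the extraction directory. */
function unsafeEntries(ZipArchive $zip): array
{
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false) {
            $bad[] = "(unreadable entry #$i)";
            continue;
        }
        // Treat backslashes as separators so "..\" sequences are caught too.
        $norm = str_replace('\\', '/', $name);
        $absolute = $norm !== '' && ($norm[0] === '/' || preg_match('/^[A-Za-z]:/', $norm) === 1);
        $depth = 0;
        $escapes = false;
        foreach (explode('/', $norm) as $seg) {
            if ($seg === '' || $seg === '.') {
                continue;
            }
            $depth += ($seg === '..') ? -1 : 1;
            if ($depth < 0) { // path climbed above the extraction root
                $escapes = true;
                break;
            }
        }
        if ($absolute || $escapes) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Constructed sample archive: one ordinary entry and two traversal entries.
$path = tempnam(sys_get_temp_dir(), 'zip');
$zip = new ZipArchive();
$zip->open($path, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('docs/readme.txt', 'ok');
$zip->addFromString('../../outside.txt', 'x');
$zip->addFromString('docs/../../outside2.txt', 'x');
$zip->close();

$zip->open($path);
$bad = unsafeEntries($zip);
if ($bad === []) {
    $zip->extractTo(sys_get_temp_dir() . '/extract-demo');
} else {
    echo "refusing to extract, unsafe entries:\n  " . implode("\n  ", $bad) . "\n";
}
$zip->close();
unlink($path);
```

The check is defense in depth for code that extracts untrusted archives; for the affected package listed above, the remedy is a php5 version of 5.2.7 or later.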
