PHP 5.3.x < 5.3.1 Multiple Vulnerabilities

2009-11-2500:00:00

Tenable

www.tenable.com

JSON

According to its banner, the version of PHP 5.3.x installed on the remote host is earlier than 5.3.1. Such versions are potentially affected by multiple issues :

Sanity checks are missing in exif processing.
It is possible to bypass the ‘safe_mode’ configuration setting using ‘tempnam()’.
It is possible to bypass the ‘open_basedir’ configuration setting using ‘posix_mkfifo()’.
The ‘safe_mode_include_dir’ configuration setting may be ignored.
Calling ‘popen()’ with an invalid mode can cause a crash.
A safe_mode restriction-bypass vulnerability because environment variables specified for ‘proc_open’ are passed without checking them.

Binary data 5242.prm

VendorProductVersionCPE
phpphpcpe:/a:php:php

Vendor	Product	Version	CPE
php	php		cpe:/a:php:php

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3559

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1128

www.php.net/ChangeLog-5.php#5.3.1

www.php.net/releases/5_3_1.php

www.securityfocus.com/archive/1/507982/30/0/threaded

JSON