PHP 5.2.x < 5.2.15 Multiple Vulnerabilities

According to its banner the version of PHP installed on the remote host is earlier than 5.2.15. Such versions are potentially affected by multiple vulnerabilities :

• A crash in the zip extract method.

• A possible double free exists in the IMAP extension. (CVE-2010-4150)

• An unspecified flaw exists in ‘open_basedir’. (CVE-2010-3436)

• A possible crash could occur in ‘mssql_fetch_batch()’.

• A NULL pointer dereference exists in ‘zipArchive::getArchiveComment’. (CVE-2010-3709)

• A crash exists if anti-aliasing steps are invalid. (Bug 53492)

• A crash exists in pdo_firebird get_Attribute(). (Bug 53323)

• A use-after-free vulnerability in the Zend engine when a ‘__set()’, ‘__get()’, or ‘__unset()’ method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)

• A stack-based buffer overflow exists in the ‘imagepstext()’ function in the GD extension. (Bug #53492 / CVE-2010-4698)

• The extract function does not prevent use of the EXTR_OVERWRITE parameter to overwrite the GLOBALS superglobal array and the ‘this’ variable, which allows attackers to bypass intended access restrictions. (CVE-2011-0752)