PHP 5.3 < 5.3.4 Multiple Vulnerabilities


According to its banner the version of PHP installed on the remote host is 5.3.x earlier than 5.3.4. Such versions are potentially affected by multiple vulnerabilities : - A crash in the zip extract method. - A stack buffer overflow in impagepstext() of the GD extension. - An unspecified vulnerability related to symbolic resolution when using a DFS share. - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243) - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950) - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436) - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709) - Memory corruption in php_filter_validate_email(). (CVE-2010-3710) - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870) - A possible double free in the IMAP extension. (CVE-2010-4150) - An information disclosure vulnerability in 'mb_strcut()'. (CVE-2010-4156) - An integer overflow vulnerability in 'getSymbol()'. (CVE-2010-4409) - A use-after-free vulnerability in the Zend engine when a '__set()', '__get()', '__isset()' or '__unset()' method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697) - A stack-based buffer overflow exists in the 'imagepstext()' function in the GD extension. (Bug #53492 / CVE-2010-4698) - The 'iconv_mime_decode_headers()' function in the iconv extension fails to properly handle encodings that are not recognized by the iconv and mbstring implementations. (Bug #52941 / CVE-2010-4699) - The 'set_magic_quotes_runtime()' function when the MySQLi extension is used does not properly interact with the 'mysqli_fetch_assoc()' function. (Bug #52221 / CVE-2010-4700) - A race condition exists in the PCNTL extension. (CVE-2011-0753) - The SplFileInfo::getType function in the Standard PHP Library extension does not properly detect symbolic links. (CVE-2011-0754) - An integer overflow exists in the mt_rand function. (CVE-2011-0755)