UbuntuUSN-1042-1PHP vulnerabilities
9.8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.078 Low
EPSS
Percentile
94.2%
Releases
- Ubuntu 10.10
- Ubuntu 10.04
- Ubuntu 9.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- php5 -
Details
It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)
It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)
It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)
Maksymilian Arciemowicz discovered that a NULL pointer derefence in the
ZIP archive handling code could allow an attacker to cause a denial
of service through a specially crafted ZIP archive. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3709)
It was discovered that a stack consumption vulnerability in the
filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3710)
It was discovered that the mb_strcut function in the Libmbfl
library within PHP could allow an attacker to read arbitrary memory
within the application process. This issue only affected Ubuntu
10.10. (CVE-2010-4156)
Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)
Rick Regan discovered that when handing PHP textual representations
of the largest subnormal double-precision floating-point number,
the zend_strtod function could go into an infinite loop on 32bit
x86 processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | php5-cli | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libapache2-mod-php5 | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libapache2-mod-php5filter | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-cgi | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-common | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-curl | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-dbg | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-dev | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-gd | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
| Ubuntu | 9.10 | noarch | php5-gmp | < 5.2.10.dfsg.1-2ubuntu6.6 | UNKNOWN |
Related
9.8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.078 Low
EPSS
Percentile
94.2%