MDVSA-2009:022 -- Mandriva php

ID: oval:org.secpod.oval:def:300482
Date: (C)2012-01-07   (M)2023-02-20
Class: PATCH
Family: unix




A vulnerability in PHP allowed context-dependent attackers to cause a denial of service via a certain long string in the glob or fnmatch functions. A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request. An integer overflow in PHP allowed context-dependent attackers to cause a denial of service via a special printf format parameter. A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown impact and attack vectors. A buffer overflow in the imageloadfont function in PHP allowed context-dependent attackers to cause a denial of service and potentially execute arbitrary code via a crafted font file. A buffer overflow in the memnstr function allowed context-dependent attackers to cause a denial of service and potentially execute arbitrary code via the delimiter argument to the explode function. PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service via a request with multiple dots preceding the extension. An array index error in the imageRotate function in PHP allowed context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument to the function for an indexed image. The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2008.0
Product:
php
Reference:
MDVSA-2009:022
CVE-2008-5498
CVE-2008-3660
CVE-2008-3659
CVE-2008-3658
CVE-2008-2050
CVE-2008-1384
CVE-2007-4850
CVE-2007-4782
CPE    1
cpe:/o:mandriva:linux:2008.0

© SecPod Technologies