PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
BID:51417
Info
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
| Bugtraq ID: | 51417 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2011-4153 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2012 12:00AM |
| Updated: | Aug 19 2013 08:27AM |
| Credit: | Maksymilian Arciemowicz |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Turbolinux Client 2008 Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 SuSE SUSE Linux Enterprise Server for VMware 11 SP2 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise Server 10 SP3 LTSS SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux 5 Server PHP PHP 5.3.8 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 HP System Management Homepage 7.0 HP System Management Homepage 6.3 HP System Management Homepage 6.2 HP System Management Homepage 6.1 HP System Management Homepage 6.0 HP HP-UX B.11.31 HP HP-UX B.11.23 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: | |
Discussion
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
PHP is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference.
An attacker can exploit these issues to cause an application written in PHP to crash, denying service to legitimate users.
PHP 5.3.8 is vulnerable; other versions may also be affected.
PHP is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference.
An attacker can exploit these issues to cause an application written in PHP to crash, denying service to legitimate users.
PHP 5.3.8 is vulnerable; other versions may also be affected.
Exploit / POC
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
An attacker can use readily available tools to exploit these issues.
An attacker can use readily available tools to exploit these issues.
Solution / Fix
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
References:
References:
- PHP 5.3.8 Multiple vulnerabilities (Maksymilian Arciemowicz)
- PHP Homepage (PHP)