The month of PHP security overview

  • Written by Damien Seguy

Here is an overview of the Month of PHP Bugs, by Stefan Esser, with each vulnerability listed against the PHP versions it affects.

| Vulnerability | PHP 5 versions | PHP 4 versions | Extra |
|---|---|---|---|
| PHP 5.2.0 Memory Manager Signed Comparison Vulnerability | 5.2. | | |
| PHP msg_receive() Memory Allocation Integer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | |
| PHP 5 php_stream_filter_create() Off By One Vulnerability | <= 5.2. 1 | | |
| PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | sqlite |
| PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | imap |
| PHP str_replace() Memory Allocation Integer Overflow Vulnerability | <= 5.2. | <= 4.4.4 | |
| PHP printf() Family 64 Bit Casting Vulnerabilities | <= 5.2. | <= 4.4.4 | |
| PHP iptcembed() Interruption Information Leak Vulnerability | <= 5.2.1 | <= 4.4.6 | Zend Engine |
| PHP session.save_path open_basedir Bypass Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP 4 zip_entry_read() Integer Overflow Vulnerability | No | <= 4.4.4 | zip |
| PHP mail() Header Injection Through Subject and To Parameters | <= 5.2.1 | <= 4.4.6 | |
| PHP mail() Message ASCIIZ Byte Truncation | <= 5.2.1 | <= 4.4.6 | |
| PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability | | 4.4.5 to 4.4.6 | |
| PHP _SESSION Deserialization Overwrite Vulnerability | <= 5.2.0 | <= 4.4.5 | |
| PHP _SESSION unset() Vulnerability | <= 5.2.0 | <= 4.4.5 | session |
| PHP 5.2.1 unserialize() Information Leak Vulnerability | 5.2.1 | | |
| PHP hash_update_file() Already Freed Resource Access Vulnerability | <= 5.2.1 | | |
| PHP ext/gd Already Freed Resource Access Vulnerability | <= 5.2.1 | <= 4.4.6 | |
| PHP mb_parse_str() register_globals Activation Vulnerability | <= 5.2.1 | <= 4.4.6 | |
| PHP header() Space Trimming Buffer Underflow Vulnerability | 5.2.0 | | |
| PHP 5 Rejected Session Identifier Double Free Vulnerability | 5.2.0 to 5.2.1 | No | |
| PHP session_regenerate_id() Double Free Vulnerability | 5.2.0 to 5.2.1 | No | |
| PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability | <= 5.2.1 | | bzip2 |
| PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability | <= 5.2.1 | | zip |
| PHP ext/filter Space Trimming Buffer Underflow Vulnerability | 5.2.0 | | filter |
| PHP ext/filter HTML Tag Stripping Bypass Vulnerability | 5.2.0 | | filter |
| PHP ext/filter FDF Post Bypass Vulnerability | | | fdf |
| PHP zip:// URL Wrapper Buffer Overflow Vulnerability | 5.2.0 | | zip <= 1.8.3 |
| PHP shmop Functions Resource Verification Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP substr_compare() Information Leak Vulnerability | <= 5.2.1 | | |
| PHP 4 Ovrimos Extension Multiple Vulnerabilities | No | <= 4.4.6 | Ovrimos |
| mod_security POST Rules Bypass Vulnerability | | | mod_security |
| PHP WDDX Session Deserialization Information Leak Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP php_binary Session Deserialization Information Leak Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP wddx_deserialize() String Append Buffer Overflow Vulnerability | CVS | CVS | wddx |
| PHP 4 phpinfo() XSS Vulnerability (Deja-vu) | | 4.4.3 to 4.4.6 | |
| Zend Platform ini_modifier Local Root Vulnerability | | | Zend Platform <= 2.2.3 |
| Zend Platform Insecure File Permission Local Root Vulnerability | | | Zend Platform <= 2.2.3 |
| PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability | <= 5.2.0 | <= 4.4.4 | |
| PHP 4 unserialize() ZVAL Reference Counter Overflow | No | <= 4.4.4 | |
| PHP Variable Destructor Deep Recursion Stack Overflow | All | All | |
| PHP Executor Deep Recursion Stack Overflow | All | All | |
| PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability | No | All | |
