National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-1153)

National Cyber Awareness System

Vulnerability Summary for CVE-2011-1153

Original release date:03/16/2011

Last revised:10/21/2011

Source: US-CERT/NIST

Overview

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://svn.php.net/viewvc?view=revision&revision=309221

Type: Patch Information

Hyperlink:http://svn.php.net/viewvc?view=revision&revision=309221

External Source: MLIST

Name: [oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension

Type: Patch Information

Hyperlink:http://openwall.com/lists/oss-security/2011/03/14/14

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=688378

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=688378

External Source: XF

Name: php-pharobject-format-string(66079)

Hyperlink:http://xforce.iss.net/xforce/xfdb/66079

External Source: VUPEN

Name: ADV-2011-0890

Hyperlink:http://www.vupen.com/english/advisories/2011/0890

External Source: VUPEN

Name: ADV-2011-0764

Hyperlink:http://www.vupen.com/english/advisories/2011/0764

External Source: VUPEN

Name: ADV-2011-0744

Hyperlink:http://www.vupen.com/english/advisories/2011/0744

External Source: BID

Name: 46854

Hyperlink:http://www.securityfocus.com/bid/46854

External Source: CONFIRM

Name: http://www.php.net/releases/5_3_6.php

Hyperlink:http://www.php.net/releases/5_3_6.php

External Source: CONFIRM

Name: http://www.php.net/ChangeLog-5.php

Hyperlink:http://www.php.net/ChangeLog-5.php

External Source: CONFIRM

Name: http://www.php.net/archive/2011.php

Hyperlink:http://www.php.net/archive/2011.php

External Source: MANDRIVA

Name: MDVSA-2011:053

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:053

External Source: MANDRIVA

Name: MDVSA-2011:052

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:052

External Source: DEBIAN

Name: DSA-2266

Hyperlink:http://www.debian.org/security/2011/dsa-2266

External Source: CONFIRM

Name: http://support.apple.com/kb/HT5002

Hyperlink:http://support.apple.com/kb/HT5002

External Source: SECUNIA

Name: 43744

Type: Advisory

Hyperlink:http://secunia.com/advisories/43744

External Source: MLIST

Name: [oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension

Hyperlink:http://openwall.com/lists/oss-security/2011/03/14/24

External Source: MLIST

Name: [oss-security] 20110314 CVE request: format-string vulnerability in PHP Phar extension

Hyperlink:http://openwall.com/lists/oss-security/2011/03/14/13

External Source: FEDORA

Name: FEDORA-2011-3614

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html

External Source: FEDORA

Name: FEDORA-2011-3666

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html

External Source: FEDORA

Name: FEDORA-2011-3636

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html

External Source: APPLE

Name: APPLE-SA-2011-10-12-3

Hyperlink:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

External Source: CONFIRM

Name: http://bugs.php.net/bug.php?id=54247

Hyperlink:http://bugs.php.net/bug.php?id=54247

Vulnerable software and versions

Configuration 1

* cpe:/a:php:php:4.3.10

* cpe:/a:php:php:4.3.1

* cpe:/a:php:php:4.3.2

* cpe:/a:php:php:4.3.11

* cpe:/a:php:php:4.3.4

* cpe:/a:php:php:4.3.3

* cpe:/a:php:php:4.3.6

* cpe:/a:php:php:4.3.5

* cpe:/a:php:php:4.2.1

* cpe:/a:php:php:4.2.0

* cpe:/a:php:php:4.2.3

* cpe:/a:php:php:4.2.2

* cpe:/a:php:php:4.4.5

* cpe:/a:php:php:4.4.6

* cpe:/a:php:php:4.4.7

* cpe:/a:php:php:5.0.0

* cpe:/a:php:php:5.0.0:beta1

* cpe:/a:php:php:4.3.7

* cpe:/a:php:php:5.2.11

* cpe:/a:php:php:5.2.5

* cpe:/a:php:php:4.3.8

* cpe:/a:php:php:4.3.9

* cpe:/a:php:php:5.2.8

* cpe:/a:php:php:4.4.0

* cpe:/a:php:php:5.2.6

* cpe:/a:php:php:4.4.1

* cpe:/a:php:php:4.4.2

* cpe:/a:php:php:4.4.3

* cpe:/a:php:php:4.4.4

* cpe:/a:php:php:5.0.5

* cpe:/a:php:php:5.0.4

* cpe:/a:php:php:5.2.9

* cpe:/a:php:php:5.0.3

* cpe:/a:php:php:5.1.3

* cpe:/a:php:php:5.1.2

* cpe:/a:php:php:5.1.1

* cpe:/a:php:php:5.1.0

* cpe:/a:php:php:5.0.0:rc1

* cpe:/a:php:php:5.0.0:beta4

* cpe:/a:php:php:5.0.0:beta3

* cpe:/a:php:php:5.0.0:beta2

* cpe:/a:php:php:5.0.2

* cpe:/a:php:php:5.0.1

* cpe:/a:php:php:5.0.0:rc3

* cpe:/a:php:php:5.0.0:rc2

* cpe:/a:php:php:5.2.12

* cpe:/a:php:php:5.2.13

* cpe:/a:php:php:5.1.6

* cpe:/a:php:php:5.2.0

* cpe:/a:php:php:5.1.4

* cpe:/a:php:php:5.1.5

* cpe:/a:php:php:5.2.3

* cpe:/a:php:php:5.2.1

* cpe:/a:php:php:5.2.2

* cpe:/a:php:php:1.0

* cpe:/a:php:php:2.0b10

* cpe:/a:php:php:2.0

* cpe:/a:php:php:4.4.8

* cpe:/a:php:php:4.4.9

* cpe:/a:php:php:5.2.10

* cpe:/a:php:php:5.2.4

* cpe:/a:php:php:4.3.0

* cpe:/a:php:php:5.3.0

* cpe:/a:php:php:3.0.11

* cpe:/a:php:php:3.0.10

* cpe:/a:php:php:3.0.13

* cpe:/a:php:php:3.0.12

* cpe:/a:php:php:3.0.1

* cpe:/a:php:php:3.0

* cpe:/a:php:php:3.0.2

* cpe:/a:php:php:3.0.18

* cpe:/a:php:php:3.0.4

* cpe:/a:php:php:3.0.3

* cpe:/a:php:php:3.0.15

* cpe:/a:php:php:3.0.14

* cpe:/a:php:php:3.0.17

* cpe:/a:php:php:3.0.16

* cpe:/a:php:php:4.0:beta1

* cpe:/a:php:php:4.0:beta2

* cpe:/a:php:php:3.0.9

* cpe:/a:php:php:3.0.7

* cpe:/a:php:php:3.0.8

* cpe:/a:php:php:3.0.5

* cpe:/a:php:php:3.0.6

* cpe:/a:php:php:4.0.1

* cpe:/a:php:php:4.0.0

* cpe:/a:php:php:4.0:beta_4_patch1

* cpe:/a:php:php:4.0:beta3

* cpe:/a:php:php:4.0:beta4

* cpe:/a:php:php:4.0.6

* cpe:/a:php:php:4.0.5

* cpe:/a:php:php:4.0.4

* cpe:/a:php:php:4.0.3

* cpe:/a:php:php:4.0.2

* cpe:/a:php:php:4.1.2

* cpe:/a:php:php:4.1.1

* cpe:/a:php:php:4.1.0

* cpe:/a:php:php:5.2.14

* cpe:/a:php:php:4.0.7

* cpe:/a:php:php:5.3.1

* cpe:/a:php:php:5.3.2

* cpe:/a:php:php:5.3.3

* cpe:/a:php:php:5.3.4

* cpe:/a:php:php:5.3.5 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Format String Vulnerability (CWE-134)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1153