Computer Security


PHP security vulnerabilities
Published: 17.06.2014
Source:
SecurityVulns ID: 13848
Type: library
Threat Level: 7/10
Description: Symbolic link vulnerabilities, dns_get_record() buffer overflow.
Affected: PHP : PHP 5.5
CVE: CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.)
 CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.)
 CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.)
 CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.)
Original document: Murray McAllister, [oss-security] CVE request: PHP heap-based buffer overflow in DNS TXT record parsing (17.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)
 Murray McAllister, [oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod