PHP Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 4 Jan 2008 4790 Views

RISK: Medium Risk

Medium Risk

Some vulnerabilities have been reported in PHP, where some have unknown impact and others can be exploited by malicious users to bypass certain security restrictions.

1) An integer overflow error exists in the "chunk_split()" function.

2) Integer overflow errors exists in the "strcspn()" and "strspn()" functions.

3) A regression error related to the "glob()" function exist, which can potentially be exploited to bypass the "open_basedir" directive.

4) An error exists within the handling of SQL queries containing "LOCAL INFILE" inside the MySQL extension. This can be exploited to bypass the "open_basedir" and "safe_mode" directives.

5) An error exists when processing "session_save_path" and "error_log" values, which can be exploited to bypass the "open_basedir" and "safe_mode" directives.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • PHP versions prior to 4.4.8

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

RealPlayer Data Processing Buffer Overflow Vulnerability

4 Jan 2008 4700 Views

Next

Microsoft Windows TCP/IP Multiple Vulnerabilities( 09 January 2008 )

9 Jan 2008 4467 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY