
Test ID: 1.3.6.1.4.1.25623.1.0.801547
Category: Web application abuses
Title: PHP 'filter_var()' function Stack Consumption Vulnerability
Summary: PHP is prone to a stack consumption vulnerability.
Description:
Summary:
PHP is prone to a stack consumption vulnerability.

Vulnerability Insight:
- The flaw is due to an error in the 'filter_var()' function when
FILTER_VALIDATE_EMAIL mode is used to process a long e-mail address string.

- A NULL pointer dereference vulnerability exists in 'ZipArchive::getArchiveComment'.

Vulnerability Impact:
Successful exploitation could allow remote attackers to
cause a denial of service (memory consumption and application crash)
via a long e-mail address string.

Affected Software/OS:
PHP version 5.2 through 5.2.14 and 5.3 through 5.3.3.

Solution:
Update to PHP version 5.2.15/5.3.4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 43926
http://www.securityfocus.com/bid/43926
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
HP Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HP Security Advisory: SSRT100826
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://secunia.com/advisories/42812
http://secunia.com/advisories/43189
SuSE Security Announcement: SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
BugTraq ID: 44718
http://www.securityfocus.com/bid/44718
http://www.exploit-db.com/exploits/15431
HP Security Advisory: HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HP Security Advisory: SSRT100409
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://www.securitytracker.com/id?1024690
http://secunia.com/advisories/42729
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
http://securityreason.com/achievement_securityalert/90
http://www.vupen.com/english/advisories/2010/3313
Copyright: Copyright (C) 2010 Greenbone Networks GmbH
