what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

CVE-2014-3597

Status Candidate

Overview

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

Related Files

Apple Security Advisory 2015-04-08-2
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2013-0118, CVE-2013-5704, CVE-2013-6438, CVE-2013-6712, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0207, CVE-2014-0226, CVE-2014-0231, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3523, CVE-2014-3538, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | c356febee6ec28bc63ed23a9ea49f4fd
Mandriva Linux Security Advisory 2015-080
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-8116, CVE-2014-8117, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2014-9620
MD5 | 2de4bba25e6adea40f424ff2a5af9a53
Red Hat Security Advisory 2014-1766-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 7fe38c5e0c8bfb3fe3e7d156b5d99a83
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 8b153dfc0ddc7040e2e1c59c7eef20c3
Red Hat Security Advisory 2014-1327-01
Posted Sep 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1327-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.

tags | advisory, remote, web, overflow, php
systems | linux, redhat
advisories | CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120
MD5 | 1bfdd2be975db73bc6235fad56471532
Red Hat Security Advisory 2014-1326-01
Posted Sep 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1326-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698
MD5 | 9f729c80edb1b913da021ae9aead6097
Ubuntu Security Notice USN-2344-1
Posted Sep 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2344-1 - It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3587, CVE-2014-3597
MD5 | d3b4ad4de5fdf06e7e8c2f9de75acc2e
Slackware Security Advisory - php Updates
Posted Sep 8, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120
MD5 | f88a8d0c7f47f10e69fa24ed54f7a66f
Mandriva Linux Security Advisory 2014-172
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.

tags | advisory, remote, denial of service, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120
MD5 | 233ab8bdca7744b6ef82e432fd9e42ad
Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
MD5 | 9fc05cd1682ef7aee444653346de8eae
Debian Security Advisory 3008-2
Posted Aug 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.

tags | advisory
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
MD5 | 94ccce36e4523c5d83481c2b39de22e2
Debian Security Advisory 3008-1
Posted Aug 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
MD5 | c2df4e3a5b3dbc54373c9c10a9026788
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close