what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

CVE-2014-3669

Status Candidate

Overview

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

Related Files

Apple Security Advisory 2015-04-08-2
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2013-0118, CVE-2013-5704, CVE-2013-6438, CVE-2013-6712, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0207, CVE-2014-0226, CVE-2014-0231, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3523, CVE-2014-3538, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | c356febee6ec28bc63ed23a9ea49f4fd
Mandriva Linux Security Advisory 2015-080
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7345, CVE-2014-0185, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-8116, CVE-2014-8117, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2014-9620
MD5 | 2de4bba25e6adea40f424ff2a5af9a53
Red Hat Security Advisory 2015-0021-01
Posted Jan 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0021-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3669, CVE-2014-3670
MD5 | b3ffab7d59e7c6f6d27482830b3155c9
Gentoo Linux Security Advisory 201411-04
Posted Nov 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-4 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.18 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | cc9179dc03f8baf33f460fd91a04dd1d
Red Hat Security Advisory 2014-1824-01
Posted Nov 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1824-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3669, CVE-2014-3670, CVE-2014-8626
MD5 | 676830ad34b2e52446a0e6f79b36c437
Debian Security Advisory 3064-1
Posted Nov 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3064-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | 6b57ea4247290cbecce9b98b56410ba7
Slackware Security Advisory - php Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | a603da7b7cfdbaa3217207c62bbe3fa0
Red Hat Security Advisory 2014-1767-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1767-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 555943fd2ef6e007a4989fffd6c3f246
Red Hat Security Advisory 2014-1768-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1768-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 8e8a532cc1557d48fadcf41e632f111e
Red Hat Security Advisory 2014-1766-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 7fe38c5e0c8bfb3fe3e7d156b5d99a83
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 8b153dfc0ddc7040e2e1c59c7eef20c3
Ubuntu Security Notice USN-2391-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2391-1 - Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 0ba0cca792e56ff2dc76a485f423b2de
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close