Description
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
Statement
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php).
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 4 | php | Not affected | | |
Red Hat Enterprise Linux 5 | php | Not affected | | |
Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2011:1423 | 02.11.2011 |
Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2011:1423 | 02.11.2011 |
Additional information
Status:
EPSS
2.6 Low
CVSS2
Related vulnerabilities
ELSA-2011-1423: php53 and php security update (MODERATE)