Описание
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.
Отчет
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1013 | 06.08.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Heap-based buffer overflow in the php_parserr function in ext/standard ...
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
5.1 Medium
CVSS2