CVE-2010-2094

Related Files

Mandriva Linux Security Advisory 2011-004

Posted Jan 11, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-004 - Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush, phar_parse_url, or phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. The updated packages have been upgraded to the latest version and patched to correct this issue.

tags | advisory, arbitrary, php, vulnerability

systems | linux, mandriva

advisories | CVE-2010-2094

SHA-256 | cc0b39fb95de35b1449b811335b5e9616ac2bf267eaceb0d0502416b54b87310

Download | Favorite | View

Ubuntu Security Notice 989-1

Posted Sep 21, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 989-1 - Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. Various other issues were also addressed.

tags | advisory, remote, web, php

systems | linux, ubuntu

advisories | CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950, CVE-2010-3065

SHA-256 | 39223359acd2eea854bfefcc60f483e06e1a0cd1e0a9f2252a3448603f64be5c

Download | Favorite | View