jetlib.sec » Bugtraq » PHP 5.3.8 Multiple vulnerabilities

Feeds

132963 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• January 16, 2012
• 

  PHP 5.3.8 Multiple vulnerabilities

  Posted: January 16th, 2012, 7:28am PST

  Tags:   

  Posted by cxib on Jan 16

  [ PHP 5.3.8 Multiple vulnerabilities ]
  
  Author: Maksymilian Arciemowicz
  Website: http://cxsecurity.com/
  Date: 14.01.2012
  
  CVE:
  CVE-2011-4153 (zend_strndup)
  
  Original link:
  http://cxsecurity.com/research/103
  
  [--- 1. Multiple NULL Pointer Dereference with zend_strndup() [CVE-2011-4153] ---]
  As we can see in zend_strndup()
  
  -zend_alloca.c---
  ZEND_API char *zend_strndup(const char *s, uint length)
  {
  char *p;
  
  p = (char *)...