Rapid7 Vulnerability & Exploit Database

RHSA-2011:1423: php53 and php security update




PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream "CRYPT_BLOWFISH security fix details" document, linked to in the References, for details.

An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially-crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)

Multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)

A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148)

A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)

An integer signedness issue was found in the PHP zip extension. An attacker could use a specially-crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)

A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the "apache" user, preventing it from writing to the root directory. (CVE-2011-2202)

All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
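The crypt() signedness issue (CVE-2011-2483) described above can be seen in a simplified model of how a Blowfish-based password hash folds password bytes into 32-bit key words. This is an added example, not PHP's or Red Hat's code: the function names, the `sign_extend` switch and the sample passwords are constructed for illustration, and the passwords are 7 bytes long so that the repeated key (with its terminating NUL) stays aligned to 4-byte words.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_WORDS 18 /* Blowfish P-array entries filled during key setup */

/* Hypothetical model of the key-packing loop: the password, including its
 * terminating NUL, is repeated and folded into 32-bit big-endian words.
 * sign_extend=1 reproduces the signedness issue, 0 the corrected handling. */
static void pack_key(const char *key, uint32_t out[KEY_WORDS], int sign_extend)
{
    const char *ptr = key;
    for (int i = 0; i < KEY_WORDS; i++) {
        uint32_t tmp = 0;
        for (int j = 0; j < 4; j++) {
            tmp <<= 8;
            if (sign_extend)
                /* A byte >= 0x80 becomes 0xFFFFFFxx and overwrites the
                 * up-to-three bytes already shifted into this word. */
                tmp |= (uint32_t)(signed char)*ptr;
            else
                tmp |= (unsigned char)*ptr;
            ptr = *ptr ? ptr + 1 : key; /* wrap around after the NUL */
        }
        out[i] = tmp;
    }
}

static uint32_t first_word(const char *key, int sign_extend)
{
    uint32_t w[KEY_WORDS];
    pack_key(key, w, sign_extend);
    return w[0];
}

/* Returns 1 when both passwords produce identical key material. */
static int same_key_material(const char *a, const char *b, int sign_extend)
{
    uint32_t wa[KEY_WORDS], wb[KEY_WORDS];
    pack_key(a, wa, sign_extend);
    pack_key(b, wb, sign_extend);
    return memcmp(wa, wb, sizeof wa) == 0;
}

int main(void)
{
    /* Constructed sample passwords; 0xA3 is the byte with the high bit set. */
    const char *p1 = "abc\xa3xyz", *p2 = "def\xa3xyz";
    printf("word 0: %08x (sign-extended) vs %08x (unsigned)\n",
           (unsigned)first_word(p1, 1), (unsigned)first_word(p1, 0));
    printf("sign-extended: %s\n", same_key_material(p1, p2, 1) ? "identical" : "distinct");
    printf("unsigned:      %s\n", same_key_material(p1, p2, 0) ? "identical" : "distinct");
    return 0;
}
```

Because the corrected handling changes the key material for any password containing a high-bit byte, hashes stored before the update no longer match afterwards, which is the login failure the Note above warns about.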


  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-cli
  • redhat-upgrade-php-common
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-debuginfo
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-embedded
  • redhat-upgrade-php-enchant
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-intl
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-process
  • redhat-upgrade-php-pspell
  • redhat-upgrade-php-recode
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-tidy
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc
  • redhat-upgrade-php-zts
  • redhat-upgrade-php53
  • redhat-upgrade-php53-bcmath
  • redhat-upgrade-php53-cli
  • redhat-upgrade-php53-common
  • redhat-upgrade-php53-dba
  • redhat-upgrade-php53-devel
  • redhat-upgrade-php53-gd
  • redhat-upgrade-php53-imap
  • redhat-upgrade-php53-intl
  • redhat-upgrade-php53-ldap
  • redhat-upgrade-php53-mbstring
  • redhat-upgrade-php53-mysql
  • redhat-upgrade-php53-odbc
  • redhat-upgrade-php53-pdo
  • redhat-upgrade-php53-pgsql
  • redhat-upgrade-php53-process
  • redhat-upgrade-php53-pspell
  • redhat-upgrade-php53-snmp
  • redhat-upgrade-php53-soap
  • redhat-upgrade-php53-xml
  • redhat-upgrade-php53-xmlrpc
