Vigil@nce - PHP: multiple vulnerabilities
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit three vulnerabilities in PHP.
Impacted products: Fedora, MBS, PHP, Slackware
Severity: 2/4
Creation date: 22/08/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in PHP.
The vulnerability described in VIGILANCE-VUL-11485
(https://vigilance.fr/tree/1/11485?w=66901) was not fully fixed.
[severity:1/4; 67716, CVE-2014-3587]
The vulnerability described in VIGILANCE-VUL-14984
(https://vigilance.fr/tree/1/14984?w=66901) was not fully fixed.
[severity:1/4; 67717, CVE-2014-3597]
An attacker can use file paths with embedded NUL bytes, for
instance to bypass filters on imported files or to save files
outside of the tree reserved for that purpose. [severity:2/4;
67730, CVE-2014-5120]
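
An application-side check for the embedded NUL byte issue described above, as an added example (not code from the bulletin or from PHP itself). The function name safe_target_path, the extension allow-list and the sample file names are hypothetical and constructed for illustration.

```php
<?php
// Added example: validate a user-supplied file name before saving it under
// a reserved directory. All names and sample inputs are constructed.

function safe_target_path(string $baseDir, string $userName): ?string
{
    // C code beneath PHP treats NUL as end-of-string, so a name such as
    // "report.php\0.png" can pass an extension filter in PHP and still be
    // opened as "report.php". Reject any NUL byte before other checks.
    if (strpos($userName, "\0") !== false) {
        return null;
    }

    // Keep only the final path component; this drops "../" sequences and
    // absolute prefixes (backslashes are normalised first).
    $name = basename(str_replace('\\', '/', $userName));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // Allow-list the extension on the same string that will be opened.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'gif'], true)) {
        return null;
    }

    // Build the target under the resolved base directory.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . $name;
}

$samples = [
    "photo.png",                 // accepted
    "report.php\0.png",          // rejected: embedded NUL byte
    "../../outside/job.png",     // accepted, but reduced to "job.png"
    "notes.txt",                 // rejected: extension not allowed
];
foreach ($samples as $s) {
    $r = safe_target_path(sys_get_temp_dir(), $s);
    printf("%-26s => %s\n", addcslashes($s, "\0"), $r ?? 'REJECTED');
}
```

This check complements, and does not replace, updating to a PHP release that contains the fix.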
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-multiple-vulnerabilities-15221