Vigil@nce - PHP: three vulnerabilities
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use three vulnerabilities of PHP, in order to create a denial of service, or to access to files.
Severity: 2/4
Creation date: 02/11/2010
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in PHP.
An attacker can use a long email address, in order to force the
filter_var() function to consume a lot of resources when
FILTER_VALIDATE_EMAIL is used, which stops the application.
[severity:2/4; CVE-2010-3710]
An attacker can create a malicious ZIP archive, in order to force
the ZipArchive::getArchiveComment() function to dereference a NULL
pointer, which stops the application. [severity:2/4; CVE-2010-3709]
An attacker can bypass open_basedir, which define directories
where files can be located. [severity:2/4; CVE-2010-3436]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-three-vulnerabilities-10089