Reference: CERT-EU Security Advisory 2012-0015
Title: PHP5 Arbitrary Remote Code Execution Vulnerability [1]
Version history: 03.02.2012 Initial publication

Summary
=======

The PHP development team announced the immediate availability of PHP 5.3.10. This release delivers a critical security fix: it closes the arbitrary remote code execution vulnerability CVE-2012-0830.

CVSS v2 Base Score: 6.8 (HIGH) (AV:N/AC:M/Au:N/C:P/I:P/A:P) [3,4]

Original Details
================

A remote user can send specially crafted data that triggers a memory error in php_register_variable_ex() and execute arbitrary code on the target system. The code runs with the privileges of the target service [2,3].

The vulnerability can be triggered when the number of input variables exceeds max_input_vars and the variable being registered is an array. It was introduced in version 5.3.9 by the fix for CVE-2011-4885.

What can you do?
================

PHP v5.3.10 is available and fixes this issue [1].

What to tell your users?
========================

N/A

More information
================

[1] http://www.php.net/archive/2012.php#id2012-02-02-1
[2] http://www.securitytracker.com/id/1026631
[3] https://www.redhat.com/security/data/cve/CVE-2012-0830.html
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in a best-effort manner, and to contact information currently known to us.
We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
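The trigger described under Original Details above, as the basis for an added detection helper that is not part of the CERT-EU advisory or of PHP's own code: it rebuilds the nested input-variable tables PHP would create from a query string and flags requests in which an array variable would push some level past max_input_vars, so a reverse proxy or log filter can alert on them until hosts are on 5.3.10. It assumes, as in the 5.3.9 check, that the limit is compared with the element count of the table being filled at each nesting level; the sample queries and the 'leaf' marker are constructed.

```python
"""Flag query strings whose input variables would exceed PHP's max_input_vars.
Constructed helper, not PHP's code. Assumption: as in the 5.3.9 check, the
limit applies to the element count of the hash table filled at each level."""
import re
from urllib.parse import parse_qsl

DEFAULT_MAX_INPUT_VARS = 1000  # php.ini default introduced in 5.3.9


def split_name(name):
    """'a[b][]' -> ('a', ['b', None]); None marks an auto-index ([])."""
    base, _, rest = name.partition('[')
    base = base.replace('.', '_').replace(' ', '_')  # PHP mangles these
    keys = re.findall(r'\[([^\]]*)\]', '[' + rest) if rest else []
    return base, [int(k) if k.isdigit() else (k or None) for k in keys]


def next_index(table):
    """Next integer key PHP would use for a [] append."""
    ints = [k for k in table if isinstance(k, int)]
    return max(ints) + 1 if ints else 0


def build_tables(query):
    """Rebuild the nested hash tables PHP would create for a query string."""
    root = {}
    for name, _value in parse_qsl(query, keep_blank_values=True):
        base, keys = split_name(name)
        table, key = root, base
        for nxt in keys:                      # descend, creating sub-arrays
            if key is None:
                key = next_index(table)
            if not isinstance(table.get(key), dict):
                table[key] = {}
            table, key = table[key], nxt
        if key is None:
            key = next_index(table)
        table.setdefault(key, 'leaf')         # a repeated key is one variable
    return root


def max_level_size(table):
    """Largest element count at any nesting level of the rebuilt tables."""
    nested = [max_level_size(v) for v in table.values() if isinstance(v, dict)]
    return max([len(table)] + nested)


def exceeds_limit(query, limit=DEFAULT_MAX_INPUT_VARS):
    """True when an array variable is present and some level would exceed
    max_input_vars: the request shape that reaches the 5.3.9 bug."""
    root = build_tables(query)
    has_array = any(isinstance(v, dict) for v in root.values())
    return has_array and max_level_size(root) > limit
```

Requests that exceed the limit without any array variable only produce PHP's max_input_vars warning, so the helper deliberately does not flag them.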