Vulnerability Details : CVE-2011-1938
Potential exploit
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-1938
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
Threat overview for CVE-2011-1938
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2011-1938: 26,729
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1938
- EPSS score: 50.51% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1938
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-1938
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1938
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
  '[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PH' - MARC
- http://securityreason.com/securityalert/8262
  PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability - CXSecurity.com
- http://www.securityfocus.com/bid/49241
  PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
- http://osvdb.org/72644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67606
  PHP socket_connect() buffer overflow CVE-2011-1938 Vulnerability Report
- http://www.php.net/archive/2011.php#id2011-08-18-1
  PHP: News Archive - 2011
- http://www.exploit-db.com/exploits/17318/
  PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow - Multiple local Exploit [Exploit]
- http://www.redhat.com/support/errata/RHSA-2011-1423.html
  Support
- http://openwall.com/lists/oss-security/2011/05/24/9
  oss-security - Re: CVE request: PHP socket_connect() - stack buffer overflow [Patch]
- http://openwall.com/lists/oss-security/2011/05/24/1
  oss-security - CVE request: PHP socket_connect() - stack buffer overflow [Patch]
- http://www.debian.org/security/2012/dsa-2399
  Debian -- Security Information -- DSA-2399-2 php5
- http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369&r2=311368&pathrev=311369
  PHP: Diff of /php/php-src/trunk/ext/sockets/sockets.c [Patch]
- http://svn.php.net/viewvc?view=revision&revision=311369
  PHP: Revision 311369 [Patch]
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
  mandriva.com
- http://support.apple.com/kb/HT5130
  About the security content of OS X Lion v10.7.3 and Security Update 2012-001 - Apple Support
- http://www.php.net/ChangeLog-5.php#5.3.7
  PHP: PHP 5 ChangeLog
- http://securityreason.com/securityalert/8294
  PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938 - CXSecurity.com
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
  Apple - Lists.apple.com