Vulnerability CVE-2009-3294 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3294 (CCN-53557)

Assigned:

2009-09-20

Published:

2009-09-20

Updated:

2022-09-01

Summary:

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library.
Note: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://bugs.php.net/bug.php?id=44683

Source: MITRE
Type: CNA
CVE-2009-3294

Source: MLIST
Type: Vendor Advisory
[php-announce] 20091119 5.3.1 Release announcement

Source: CONFIRM
Type: Vendor Advisory
http://svn.php.net/viewvc?view=revision&revision=287779

Source: CCN
Type: oss-security Mailing List, Sun, 20 Sep 2009 15:27:46 +0200
Re: CVE Request -- PHP 5 - 5.2.11

Source: MLIST
Type: Mailing List, Patch
[oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11

Source: MLIST
Type: Mailing List
[oss-security] 20091120 CVE request: php 5.3.1 update

Source: MLIST
Type: Mailing List
[oss-security] 20091120 Re: CVE request: php 5.3.1 update

Source: OSVDB
Type: Broken Link
58188

Source: CCN
Type: OSVDB ID: 58188
PHP on Windows popen Invalid Mode Handling DoS

Source: CCN
Type: The PHP Group Web site
PHP 5.2.11

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php#5.2.11

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.php.net/releases/5_2_11.php

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/releases/5_3_1.php

Source: XF
Type: UNKNOWN
php-popen-dos(53557)

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.2.0 and < 5.2.11)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.3.0 and < 5.3.1)

AND

cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2::dev:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2::dev:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc4:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:4:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:patch2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

Denotes that component is vulnerable