Vulnerability Name:
CVE-2011-3268 (CCN-69427)
Assigned:
2011-08-18
Published:
2011-08-18
Updated:
2017-08-29
Summary:
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low
CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
Vulnerability Type:
CWE-119
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-3268
Source: APPLE
Type: UNKNOWN
APPLE-SA-2012-02-01-1
Source: OSVDB
Type: UNKNOWN
74738
Source: CCN
Type: SA48737
F5 Products PHP Multiple Vulnerabilities
Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT5130
Source: CCN
Type: F5 Web site
Multiple PHP vulnerabilities
Source: CONFIRM
Type: UNKNOWN
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218
Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:165
Source: CCN
Type: OSVDB ID: 74738
PHP crypt() Function Salt Argument Overflow
Source: CCN
Type: The PHP Group Web site
PHP: Hypertext Preprocessor
Source: CONFIRM
Type: UNKNOWN
http://www.php.net/archive/2011.php#id2011-08-18-1
Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php#5.3.7
Source: BID
Type: UNKNOWN
49241
Source: CCN
Type: BID-49241
PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
Source: XF
Type: UNKNOWN
php-crypt-bo(69427)
Vulnerable Configuration:
Configuration 1:
cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:2.0:*:*:*:*:*:*:*
OR
cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*
OR
cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
OR
cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.2.14:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*
OR
cpe:/a:php:php:*:*:*:*:*:*:*:*
(Version <= 5.3.6)
Configuration CCN 1:
cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*
AND
cpe:/h:f5:firepass:6.0:*:*:*:*:*:*:*
OR
cpe:/a:f5:firepass:7.0.0:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20113268 | V | CVE-2011-3268 | 2022-05-20