Fluid Attacks Database

Description

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	php	<0:5.3.3-3.el6_1.3	0:5.3.3-3.el6_1.3
rpm rhel5	php53	<0:5.3.3-1.el5_7.3	0:5.3.3-1.el5_7.3

Aliases

1. CVE-2011-19382. NVD-2011-19383. OSV-2011-1938

References

1. https://www.exploit-db.com/exploits/173182. https://www.exploit-db.com/exploits/17486

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.