BDU:2022-02624
Vulnerability from fstec - Published: 06.03.2013
VLAI Severity ?
Title
Уязвимость компонента ext/soap/soap.c интерпретатора языка программирования PHP, позволяющие нарушителю повысить свои привилегии
Description
Уязвимость компонента ext/soap/soap.c интерпретатора языка программирования PHP связана с ошибками управления привилегиями. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, повысить свои привилегии
Severity ?
Vendor
Novell Inc., Сообщество свободного программного обеспечения, PHP Group
Software Name
OpenSUSE Leap, Debian GNU/Linux, PHP
Software Version
15.0 (OpenSUSE Leap), 6 (Debian GNU/Linux), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.13 (PHP), 5.2.3 (PHP), 5.1.6 (PHP), 5.0.0beta3 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 3.0.11 (PHP), 3.0.4 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.3.12 (PHP), 5.3.19 (PHP), 5.3.18 (PHP), 5.3.13 (PHP), 4.3.1 (PHP), 4.4.8 (PHP), 4.2.0 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0beta1 (PHP), 4.0.5 (PHP), 4.0.4 (PHP), 3.0.10 (PHP), 3.0.3 (PHP), 3.0.6 (PHP), 5.3.15 (PHP), 5.3.14 (PHP), 5.3.20 (PHP), 5.2.16 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.3 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.3.2 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 4.0beta2 (PHP), 3.0.13 (PHP), 3.0.15 (PHP), 2.0b10 (PHP), 5.3.3 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc2 (PHP), 4.3.8 (PHP), 4.3.9 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.0.5 (PHP), 5.3.17 (PHP), 5.3.16 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), до 5.3.21 включительно (PHP)
Possible Mitigations
Использование рекомендаций
https://www.php.net/ChangeLog-5.php
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2013-1635
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2013-1635
Reference
http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=82afa3a040e639f3595121e45b850d5453906a00;hb=refs/heads/PHP-5.3
https://bugs.gentoo.org/show_bug.cgi?id=459904
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=36f6f9a4396d3034cc903a4271e7fdeccc5d3ea6;hb=refs/heads/PHP-5.4
https://bugzilla.redhat.com/show_bug.cgi?id=918196
http://www.debian.org/security/2013/dsa-2639
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://support.apple.com/kb/HT5880
http://www.mandriva.com/security/advisories?name=MDVSA-2013:114
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
CWE
CWE-264
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.0 (OpenSUSE Leap), 6 (Debian GNU/Linux), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.13 (PHP), 5.2.3 (PHP), 5.1.6 (PHP), 5.0.0beta3 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 3.0.11 (PHP), 3.0.4 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.3.12 (PHP), 5.3.19 (PHP), 5.3.18 (PHP), 5.3.13 (PHP), 4.3.1 (PHP), 4.4.8 (PHP), 4.2.0 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0beta1 (PHP), 4.0.5 (PHP), 4.0.4 (PHP), 3.0.10 (PHP), 3.0.3 (PHP), 3.0.6 (PHP), 5.3.15 (PHP), 5.3.14 (PHP), 5.3.20 (PHP), 5.2.16 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.3 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.3.2 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 4.0beta2 (PHP), 3.0.13 (PHP), 3.0.15 (PHP), 2.0b10 (PHP), 5.3.3 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc2 (PHP), 4.3.8 (PHP), 4.3.9 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.0.5 (PHP), 5.3.17 (PHP), 5.3.16 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), \u0434\u043e 5.3.21 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\nhttps://www.php.net/ChangeLog-5.php\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2013-1635\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2013-1635",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2013",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02624",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2013-1635",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, Debian GNU/Linux, PHP",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 ext/soap/soap.c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 ext/soap/soap.c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74\nhttp://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=82afa3a040e639f3595121e45b850d5453906a00;hb=refs/heads/PHP-5.3\nhttps://bugs.gentoo.org/show_bug.cgi?id=459904\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221\nhttp://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=36f6f9a4396d3034cc903a4271e7fdeccc5d3ea6;hb=refs/heads/PHP-5.4\nhttps://bugzilla.redhat.com/show_bug.cgi?id=918196\nhttp://www.debian.org/security/2013/dsa-2639\nhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html\nhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html\nhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\nhttp://support.apple.com/kb/HT5880\nhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:114\nhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,6)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…