PHP 'ext/spl/spl_array.c' Use After Free Memory Corruption Vulnerability

Bugtraq ID: 68511
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2014-4698
Remote: No
Local: Yes
Published: Jul 11 2014 12:00AM
Updated: May 07 2015 05:33PM
Credit: research at insighti
Vulnerable: Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS
Ubuntu Ubuntu Linux 10.04 LTS
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Slackware Slackware Linux 13.37
Slackware Slackware Linux 13.1
Slackware Slackware Linux 13.0
PHP PHP 5.5.14
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.2
PHP PHP 5.5.0-DEV
PHP PHP 5.5.0 Rc2
PHP PHP 5.5.0 Rc1
PHP PHP 5.5.0 Beta4
PHP PHP 5.5.0 Beta3
PHP PHP 5.5.0 Beta2
PHP PHP 5.5.0 Beta1
PHP PHP 5.5.0 Alpha6
PHP PHP 5.5.0 Alpha5
PHP PHP 5.5.0 Alpha4
PHP PHP 5.5.0 Alpha3
PHP PHP 5.5.0 Alpha2
PHP PHP 5.5.0 Alpha1
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
IBM Lotus Protector for Mail Security 2.8 0
IBM Lotus Protector for Mail Security 2.8.1.0
CentOS CentOS 6
Avaya IP Office Server Edition 9.0
Avaya IP Office Server Edition 8.1
Avaya IP Office Application Server 9.0
Avaya Aura Session Manager 5.2.4
Avaya Aura Session Manager 5.2.1
Avaya Aura Session Manager 5.2 SP2
Avaya Aura Session Manager 5.2 SP1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 5.0
Avaya Aura Experience Portal 6.0.2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 7.0
Avaya Aura Experience Portal 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Conferencing 8.0
Avaya Aura Communication Manager Utility Services 6.3
Avaya Aura Communication Manager Utility Services 6.2.5.0.15
Avaya Aura Communication Manager Utility Services 6.2.4.0.15
Avaya Aura Communication Manager Utility Services 6.2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager Utility Services 6.1.0.9.8
Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8
Avaya Aura Communication Manager Utility Services 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager Utility Services 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Apple Mac OS X 10.9.5
Apple Mac OS X 10.8.5
Apple Mac OS X 10.10.2
Apple Mac OS X 10.10.1
Apple Mac OS X 10.10
Not Vulnerable: PHP PHP 5.5.15
Apple Mac Os X 10.10.3


 

Privacy Statement
Copyright 2010, SecurityFocus