PHP unserialize() Function Type Confusion Security Vulnerability

Bugtraq ID: 68237
Class: Design Error
CVE: CVE-2014-3515
Remote: Yes
Local: No
Published: Jun 26 2014 12:00AM
Updated: Sep 23 2016 12:01AM
Credit: The vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 13.10
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.0
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server EUS 6.5.z
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux 5 Server
PHP PHP 5.5.13
PHP PHP 5.5.12
PHP PHP 5.5.11
PHP PHP 5.5.10
PHP PHP 5.5.5
PHP PHP 5.5.4
PHP PHP 5.5.3
PHP PHP 5.5.1
PHP PHP 5.5
PHP PHP 5.4.29
PHP PHP 5.4.26
PHP PHP 5.4.25
PHP PHP 5.4.17
PHP PHP 5.4.14
PHP PHP 5.4.8
PHP PHP 5.4.7
PHP PHP 5.4.6
PHP PHP 5.4.4
PHP PHP 5.4.3
PHP PHP 5.4.2
PHP PHP 5.4.1
PHP PHP 5.5.9
PHP PHP 5.5.8
PHP PHP 5.5.7
PHP PHP 5.5.2
PHP PHP 5.5.0-DEV
PHP PHP 5.5.0 Rc2
PHP PHP 5.5.0 Rc1
PHP PHP 5.5.0 Beta4
PHP PHP 5.5.0 Beta3
PHP PHP 5.5.0 Beta2
PHP PHP 5.5.0 Beta1
PHP PHP 5.5.0 Alpha6
PHP PHP 5.5.0 Alpha5
PHP PHP 5.5.0 Alpha4
PHP PHP 5.5.0 Alpha3
PHP PHP 5.5.0 Alpha2
PHP PHP 5.5.0 Alpha1
PHP PHP 5.4SVN-2012-02-03
PHP PHP 5.4.9
PHP PHP 5.4.5
PHP PHP 5.4.28
PHP PHP 5.4.27
PHP PHP 5.4.24
PHP PHP 5.4.23
PHP PHP 5.4.22
PHP PHP 5.4.21
PHP PHP 5.4.20
PHP PHP 5.4.1RC1-DEV
PHP PHP 5.4.19
PHP PHP 5.4.18
PHP PHP 5.4.16 Rc1
PHP PHP 5.4.16
PHP PHP 5.4.15 Rc1
PHP PHP 5.4.15
PHP PHP 5.4.14 Rc1
PHP PHP 5.4.13 Rc1
PHP PHP 5.4.13
PHP PHP 5.4.12 Rc2
PHP PHP 5.4.12 Rc1
PHP PHP 5.4.12
PHP PHP 5.4.11
PHP PHP 5.4.10
PHP PHP 5.4.0RC2
PHP PHP 5.4.0beta2
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
Kerio Kerio Control 9.1.1 build 1324
Kerio Kerio Control 9.1.0 build 1087
IBM QRadar Incident Forensics 7.2 MR2
IBM Lotus Protector for Mail Security 2.8 0
IBM Lotus Protector for Mail Security 2.8.1.0
HP HP-UX B.11.31
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
Apple Mac OS X 10.9.1
Apple Mac OS X 10.9.4
Apple Mac OS X 10.9.3
Apple Mac OS X 10.9.2
Apple Mac OS X 10.9
Not Vulnerable: PHP PHP 5.5.14
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 5.4.30
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Kerio Kerio Control 9.1.3
IBM QRadar Incident Forensics 7.2 MR3
Apple Mac OS X 10.9.5


 

Copyright 2010, SecurityFocus