Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-27 Thread Marcio B. Jr.
On Tue, Apr 24, 2012 at 11:07 AM, Jim Harrison  wrote:
> IMHO, anyone who willingly, knowingly places customer data at risk by 
> inviting attacks
> on their production systems is playing a very dangerous game.


It would be less inconsistent if their main web services were open
source. At least we would have sort of a Bazaar model.



Marcio Barbado, Jr.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-27 Thread Charlie Derr
On 04/26/2012 08:45 AM, Bob McConnell wrote:
>> From: Michal Zalewski
>> 
>>> A you-only-get-it-when-successful 20,000$ budget from Google is insulting, 
>>> considering the perhaps massive time
>>> investment from the researcher. [...] and yet they only pay a nice 
>>> researcher 20 grand? You can't even live on
>>> that. Researchers aren't just kids with no responsibilities, they have 
>>> mortgages and families
>> 
>> People who want to make a living helping to improve Google security are 
>> welcome to apply for a job :-) We have a
>> remarkably large and interesting security team.
>> 
>> The program simply serves to complement that (and some other, 
>> contract-driven efforts), and it works for quite a
>> few people who see it as a way to do something useful on the side, and get 
>> compensated for it, too.
>> 
>> Now, I have done a fair amount of vulnerability research in my life, I do 
>> have a family and a mortgage - and I
>> still wouldn't see $20k as an insult; but I know that this is subjective. In 
>> that spirit, you are at liberty to
>> determine whether to participate, and how much time to invest into the 
>> pursuit :-)
> 
> Another point that seems to be overlooked in these discussions is that this 
> bounty adds a new vector into the
> decision tree for the black hat. EvilBob now has to decide if that 
> vulnerability he just found is worth more for his
> usual nefarious uses than the cash reward. In some cases, this might result 
> in discoveries being reported for the
> reward instead of being used to attack the servers, converting the black hat 
> over to white. I suspect the likelihood
> of this outcome increases exponentially with the size of the reward.
> 
> Bob McConnell
> 

From a strictly pragmatic point of view, I find this argument complete (and 
somewhat compelling).  From a "moral"
standpoint it does leave a bad taste in my mouth though, as I have no illusions 
at all that anyone has been "converted"
from black hat to white hat (except for that single case where a bounty is 
being offered).  And there is the reality
then that a black hat's actions are being "rewarded" (and the possibility 
(already expressed on some of these lists)
that there will be a future expectation from other entities to similarly 
"reward" such behavior).

   anyhow, that's my $.019... (for whatever it's worth),
 ~c



Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-27 Thread Bob McConnell
> From: Michal Zalewski
> 
> > A you-only-get-it-when-successful 20,000$ budget from Google is
> > insulting, considering the perhaps massive time investment from
> > the researcher. [...] and yet they only pay a nice researcher 20
> > grand? You can't even live on that. Researchers aren't just kids
> > with no responsibilities, they have mortgages and families
> 
> People who want to make a living helping to improve Google security
> are welcome to apply for a job :-) We have a remarkably large and
> interesting security team.
> 
> The program simply serves to complement that (and some other,
> contract-driven efforts), and it works for quite a few people who see
> it as a way to do something useful on the side, and get compensated
> for it, too.
> 
> Now, I have done a fair amount of vulnerability research in my life, I
> do have a family and a mortgage - and I still wouldn't see $20k as an
> insult; but I know that this is subjective. In that spirit, you are at
> liberty to determine whether to participate, and how much time to
> invest into the pursuit :-)

Another point that seems to be overlooked in these discussions is that this 
bounty adds a new vector into the decision tree for the black hat. EvilBob now 
has to decide if that vulnerability he just found is worth more for his usual 
nefarious uses than the cash reward. In some cases, this might result in 
discoveries being reported for the reward instead of being used to attack the 
servers, converting the black hat over to white. I suspect the likelihood of 
this outcome increases exponentially with the size of the reward.

Bob McConnell



[Full-disclosure] C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability

2012-04-27 Thread Research
Title:
==
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability


Date:
=
2012-04-24


References:
===
http://www.vulnerability-lab.com/get_content.php?id=484


VL-ID:
=
484


Introduction:
=
XPhone Unified Communications 2011 is C4B's most powerful telephony and 
communications solution. 
It is easy to use and improves workflows in companies. 
The solution integrates 
seamlessly into existing applications and uses the existing telephone system and 
IT infrastructure. It 
unifies the most diverse communication channels, such as telephone, mobile 
phone, fax, voicemail, SMS and instant messaging, 
and combines them with presence information. The software provides 
powerful telephony functions in 
practically all applications, e.g. Microsoft Outlook, Lotus Notes, 
enterprise resource planning (ERP) systems, 
customer databases (CRM) or the web browser. Linking 
telephone events with specific 
actions, e.g. starting applications, automatically creating letters 
or faxes and much more, noticeably improves 
workflows in companies.

(Copy of the Vendor Homepage: http://www.c4b.de )


Abstract:
=
A Vulnerability Laboratory Researcher discovered a persistent Cross-Site 
Scripting vulnerability in C4B XPhone UC Web v4.1.890SR1.


Report-Timeline:

2012-04-24: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
C4B
Product: XPhone UC Web v4.1.890SR1


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

A persistent Cross-Site Scripting vulnerability has been detected in C4B XPhone 
UC Web v4.1.890SR1 and versions below. 
The bug allows an attacker to inject arbitrary script code on the application 
side (persistent), for example via 
a connected groupware application like Microsoft Outlook or IBM Lotus Notes. 
The injected script code is 
executed for every client that searches for the details of the manipulated user 
in the web application. Successful 
exploitation of the vulnerability can therefore lead to session hijacking or 
stable (persistent) context manipulation.

Vulnerable Module(s):
[+] Work => Home/Work => Company Name (Input)
[+] Contact Phone Listing => Company Name Display Conversation (Output)


Picture(s):
../1.png
../2.png


Proof of Concept:
=
The vulnerability can be exploited by a remote attacker who is able to change 
his own groupware details in order to inject arbitrary code, 
as shown in the screenshots, which results in a persistent context 
manipulation ...

File: Client.aspx


[HTML excerpt from the manipulated contact entry; the tags were stripped in this 
copy of the advisory. Surviving text:]
  Julien Ahrens
  Vulnerability-Lab  http://www.vulnerability-lab.com/index.php

Risk:
=
The security risk of the persistent cross site scripting vulnerability is 
estimated as medium.


Credits:

Vulnerability Research Laboratory   -   Julien Ahrens  (MrTuxracer)  
[www.inshell.net]


Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. Any modified copy or reproduction, including partially usages, 
of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified 
form is granted. All other rights, including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 
Vulnerability-Lab




-- 
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: resea...@vulnerability-lab.com




[Full-disclosure] Car Portal CMS v3.0 - Multiple Web Vulnerabilities

2012-04-27 Thread Research
Title:
==
Car Portal CMS v3.0 - Multiple Web Vulnerabilities


Date:
=
2012-04-24


References:
===
http://www.vulnerability-lab.com/get_content.php?id=502



VL-ID:
=
502


Introduction:
=
Car Portal is a PHP software product for running auto classifieds websites. It 
provides functionality 
for private sellers to sign up, list their car for sale and make changes to 
their ads online using 
the private sellers' administration space. The product provides special 
functionality for dealers 
to work with and manage multiple ads. An affiliate functionality is also 
included: affiliate partners may 
sign up and earn commissions on all the sales made through their links. The 
product comes with a 
powerful admin panel for the administrators, allowing them not only to manage 
the car portal settings, 
the dealers, affiliates etc. but also giving them full control over the website, 
its structure and content, 
as well as statistics, search engine functionality and more. 

(Copy of the Vendor Homepage: http://www.dream-autos.com/ )


Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web 
Vulnerabilities in the Car Portal v3.0 web application.


Report-Timeline:

2012-04-24: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

1.1
Multiple persistent input validation vulnerabilities are detected in the Car 
Portal v3.0 web application.
The bugs allow remote attackers to inject malicious script code on the 
application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking 
(manager/admin) or stable (persistent) 
context manipulation. Exploitation requires low user interaction.

Vulnerable Module(s):
[+] Post a new vehicle - PWRS & Description field
[+] Create News - News title
[+] Create a sub user - Name
[+] Create new user group - Group Name
[+] Change profile - Dealer name & First Name & Last Name

1.2
Multiple cross site request forgery vulnerabilities are detected in the Car 
Portal v3.0 web application.
The bugs allow remote attackers to force the user (admin) to change a user's 
password, create a user or sub user, or change profile information.
Successful exploitation of the vulnerability can lead to the creation of a new 
admin account or a changed user password.

Vulnerable Module(s):
[+] cars/ADMIN/index.php?category=security&action=nouveau
[+] USERS/index.php?category=profile&action=edit
[+] USERS/index.php?category=home&action=sub_accounts

1.3
The arbitrary file upload allows the attacker to upload files other than 
images. The attacker can upload the file by 
changing its name from file.php to file.php%00.php. After the upload, the .jpg 
part of the name is truncated at the null byte and the 
file is saved on the server as file.php.
Successful exploitation can result in malware or malicious web shell upload, 
which results in a system compromise at the end.
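As an added illustration (not Car Portal's own code), the Python below shows why a client-supplied name such as file.php%00.jpg passes a naive extension check yet lands on disk as file.php once a NUL-terminated filesystem call truncates it, and a hardened name check that rejects the case and never reuses the client name. The function names and the single decoding pass are assumptions of this example; the sample name is the one from the advisory.

```python
# Added example (not Car Portal's code): null-byte truncation of an upload name
# versus a hardened name check.  Function names are assumptions.
import re
import secrets
import urllib.parse
from typing import Optional, Tuple

ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}


def naive_extension_check(client_name: str) -> bool:
    """The weak check: trust the client name and look only at its last extension."""
    return client_name.rsplit(".", 1)[-1].lower() in ALLOWED_EXT


def c_string_truncation(client_name: str) -> str:
    """What a NUL-terminated filesystem call sees: everything after the first
    0x00 byte is dropped, so "file.php\\x00.jpg" is stored as "file.php"."""
    return client_name.split("\x00", 1)[0]


def hardened_upload_name(client_name: str, token: Optional[str] = None) -> Tuple[bool, Optional[str]]:
    """Return (accepted, name_to_store).

    Rejects control bytes (including an encoded %00), path separators and
    double extensions, and never reuses the client name: the stored name is a
    random token plus an allow-listed extension.  `token` is only a test hook.
    """
    # Assumption: one defensive decoding pass, in case the name is still
    # percent-encoded when it reaches the check.
    name = urllib.parse.unquote(client_name)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        return False, None                      # NUL or another control byte
    if "/" in name or "\\" in name:
        return False, None                      # path components never belong in a file name
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", name)
    if m is None:
        return False, None                      # empty stem, odd characters, or a second dot (file.php.jpg)
    ext = m.group(1).lower()
    if ext not in ALLOWED_EXT:
        return False, None
    return True, f"{token or secrets.token_hex(8)}.{ext}"


def demo() -> dict:
    """Walk the advisory's case through the three functions."""
    raw = "file.php%00.jpg"                     # the name from the advisory
    decoded = urllib.parse.unquote(raw)         # "file.php\x00.jpg"
    return {
        "naive_accepts": naive_extension_check(decoded),
        "stored_as": c_string_truncation(decoded),
        "hardened_accepts": hardened_upload_name(raw)[0],
    }
```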


Proof of Concept:
=
The vulnerabilities can be exploited by remote attackers with low or high 
required user interaction. 
For demonstration or to reproduce ...


1.1
The issue can be exploited by creating news, a new sub user, or a new group with 
script code as the value.
The result is persistent execution out of the web application context. 

Strings: >"3 ... or 
>"alert(document.cookie)
[script tags stripped in this copy of the advisory]

1.2
[CSRF form PoC; the HTML form tags were stripped in this copy. Form action:]
http://www.officialdemos.com/cars/ADMIN/index.php?category=security&action=nouveau

1.3
The attacker can exploit this vulnerability by uploading the file with the name 
file.php%00.jpg instead of file.php



Risk:
=
1.1
The security risk of the persistent input validation vulnerability is estimated 
as medium(+).

1.2
The security risk of the cross site request forgery vulnerability is estimated 
as low.

1.3
The security risk of the arbitrary file upload vulnerability is estimated as 
medium(+).


Credits:

Vulnerability Laboratory Research Team -the_storm 
(st...@vulnerability-lab.com)



Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of suc

[Full-disclosure] DIY CMS v1.0 Poll - Multiple Web Vulnerabilities

2012-04-27 Thread Research
Title:
==
DIY CMS v1.0 Poll - Multiple Web Vulnerabilities


Date:
=
2012-04-26


References:
===
http://www.vulnerability-lab.com/get_content.php?id=518


VL-ID:
=
518


Introduction:
=
Do It Yourself Content Management System is a feature-rich, php-built, 
mysql-based, open source and free CMS. 
It is suitable to manage any kind of content. It is modular, extensible and 
easily skinnable. Build your own modules for specific 
purposes, add certain functionalities to suit your needs and design a theme that 
represents the content of your website. 

(Copy of the Vendor Homepage: http://diy-cms.com)


Abstract:
=
A Vulnerability Laboratory researcher discovered multiple web vulnerabilities 
in DIY v1.0 Content Management System.


Report-Timeline:

2012-04-16: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
High


Details:

1.1
A SQL injection vulnerability is detected in DIY v1.0 Content Management 
System.
The vulnerability allows a remote attacker or a local low privileged user 
account to inject/execute own SQL commands 
on the affected application DBMS. Successful exploitation of the vulnerability 
results in DBMS & application compromise.

Vulnerable Module(s): 
   [+] Mod - Poll

1.2
Multiple non-persistent cross site scripting vulnerabilities are detected in DIY 
v1.0 Content Management System.
The vulnerability allows remote attackers with high required user interaction, 
or a local low privileged user account, to hijack website customer, moderator 
or admin sessions. Successful exploitation can result in account theft, phishing 
& client-side content request manipulation.

Vulnerable Module(s): 
   [+] Poll - Question & Answer Input/Output


1.3
A cross site request forgery vulnerability is detected in DIY v1.0 Content 
Management System. The bug allows remote 
attackers with high required user interaction to edit user accounts. 
Successful exploitation can lead to account access.
To exploit the issue the attacker needs to create a manipulated copy of the edit 
user form. Inside that document the 
remote attacker can set his own values for the update, because the form has no 
token protection. When the admin is then made to 
open the script via a link, the application applies the new values in the 
update, provided his session has not expired.

Vulnerable Module(s): 
   [+] &modfile=add


Proof of Concept:
=
1.1
The SQL injection vulnerability can be exploited by remote attackers without 
user interaction.
Exploitation requires that the attacker is able to add or configure a poll.
For demonstration or to reproduce ...

PoC:
diy-cms/mod.php?mod=poll&start=`[SQL-INJECTION]--


1.2
The cross site scripting vulnerabilities can be exploited by remote attackers 
with medium required user interaction.
For demonstration or to reproduce ...

PoC:
diy-cms/modules/poll/add.php[Cross Site Scripting]


1.3
The cross site request forgery vulnerability can be exploited by remote 
attackers with high required user interaction.
For demonstration or to reproduce ...

[CSRF form PoC; the HTML form tags were stripped in this copy. Surviving form 
attributes:]
action="http://127.0.0.1/diy/mod.php?mod=poll&modfile=add" method="post" 
name="add_poll" enctype="multipart/form-data"

Solution:
=
1.1

In file /diy-cms/modules/poll/index.php 
line: 50 - 55

$ppp = $mod->setting('polls_per_page');
if (!isset($_GET['start'])) {
    $start = '0';
} else {
    $start = $_GET['start'];        // raw request value reaches the SQL query
}

we edit to:

$ppp = $mod->setting('polls_per_page');
if (!isset($_GET['start'])) {
    $start = '0';
} else {
    $start = (int)$_GET['start'];   // integer cast: only a number can reach the query
}



1.2

In file /diy-cms/modules/poll/add.php
line: 53 - 84

if ($submit)
{
    extract($_POST);
    $type     = $_POST["polltype"];
    $question = $_POST["question"];     // taken as-is: no validation or escaping
    $status   = $_POST["active"];
    $date     = time();

    $arr_post_vars = array($type, $question);

    if (!required_entries($arr_post_vars))
    {
        error_message($lang['LANG_ERROR_VALIDATE']);
    }

    if ($status == '1')
    {
        $result = $diy_db->query("update diy_poll_questions set status='0'");
    }

    // request values are interpolated straight into the statement
    $result = $diy_db->query("INSERT INTO diy_poll_questions VALUES 
        ('','$question','$type','$status','$date')");
    $qid = $diy_db->insertid();

we edit to:

if ($submit)
{
    extract($_POST);
    $type     = $_POST["polltype"];
    $question = $_POST["question"];
    $status   = $_POST["active"];
 

[Full-disclosure] DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities

2012-04-27 Thread Research
Title:
==
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities


Date:
=
2012-04-25


References:
===
http://www.vulnerability-lab.com/get_content.php?id=509


VL-ID:
=
509


Introduction:
=
DirectAdmin is a graphical web-based web hosting control panel designed to make 
administration 
of websites easier. DirectAdmin is compatible with several versions of Red Hat, 
Fedora Core, Red 
Hat Enterprise Linux, CentOS, FreeBSD, Ubuntu and Debian. DirectAdmin is often 
called DA for short.

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/DirectAdmin )


Abstract:
=
A Vulnerability Laboratory Researcher discovered multiple client side Cross 
Site Scripting vulnerabilities in DirectAdmin's management application.


Report-Timeline:

2012-04-25: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
Low


Details:

A client side cross site scripting vulnerability is detected in DirectAdmin's 
management web application.
The vulnerability allows an attacker with a privileged user account to hijack 
customer/moderator/admin sessions with high required user 
interaction. Successful exploitation can result in account theft or client side 
context manipulation when the affected module processes
application requests.

Vulnerable Module(s):
  [+] CMD_DOMAIN - confirmed=Confirm&delete=yes&select0=

Picture(s):
  ../1.png
  ../2.png


Proof of Concept:
=
The vulnerability can be exploited by a remote attacker with medium required user 
interaction. For demonstration or to reproduce ...

https://your.ip.to.directadmin:/CMD_DOMAIN?action=select&delete=Delete&select8=test.plaa%22%3E%3Cscript%3Ealert%28VL%29%3C/script%3E

https://your.ip.to.directadmin:/CMD_DOMAIN?confirmed=Confirm&delete=yes&select0=test.pl%3Cscript%3Ealert%28VL%29%3C/script%3E 
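Added example, not DirectAdmin's code: the two PoC URLs above reflect the selectN values back into the confirmation page, so the defence is to validate each value as a host name and to HTML-escape it on output regardless. Function names are assumptions; the first PoC URL from the advisory is embedded as the sample input.

```python
# Added example (not DirectAdmin's code): validate the CMD_DOMAIN selectN values
# as host names and escape them before reflecting them into the confirmation page.
import html
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# RFC 1123 host name: labels of 1-63 alphanumerics/hyphens, no leading or
# trailing hyphen, at most 253 characters overall.  Quotes, angle brackets and
# the like never match, so they are refused before they can reach the page.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# The first PoC URL from the advisory, used here as sample input.
POC_URL = (
    "https://your.ip.to.directadmin:/CMD_DOMAIN?action=select&delete=Delete"
    "&select8=test.plaa%22%3E%3Cscript%3Ealert%28VL%29%3C/script%3E"
)


def is_hostname(value: str) -> bool:
    return HOSTNAME_RE.match(value) is not None


def selected_domains(url: str) -> Tuple[List[str], List[str]]:
    """Split the selectN query parameters of a CMD_DOMAIN URL into
    (accepted, rejected).  Keys are walked in numeric order so that select10
    follows select9 rather than select1."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    keys = sorted((k for k in qs if re.fullmatch(r"select\d+", k)), key=lambda k: int(k[6:]))
    accepted: List[str] = []
    rejected: List[str] = []
    for key in keys:
        for value in qs[key]:
            (accepted if is_hostname(value) else rejected).append(value)
    return accepted, rejected


def render_confirmation(domains: List[str]) -> str:
    """Build the 'confirm delete' fragment.  Every reflected value is escaped
    (quote=True covers attribute context) even though it was validated first:
    the two defences are deliberately independent."""
    items = []
    for i, domain in enumerate(domains):
        safe = html.escape(domain, quote=True)
        items.append(f'<li><input type="hidden" name="select{i}" value="{safe}">{safe}</li>')
    return "<ul>" + "".join(items) + "</ul>"


def handle_cmd_domain(url: str) -> Tuple[str, List[str]]:
    """Validate, render only the accepted names, and report what was refused."""
    accepted, rejected = selected_domains(url)
    return render_confirmation(accepted), rejected
```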


Risk:
=
The security risk of the client side cross site scripting vulnerabilities is 
estimated as low(+).


Credits:

Vulnerability Research Laboratory - Dawid Golak (dawid.go...@gmail.com)


Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. Any modified copy or reproduction, including partially usages, 
of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified 
form is granted. All other rights, including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 
Vulnerability-Lab




-- 
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: resea...@vulnerability-lab.com




[Full-disclosure] DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal

2012-04-27 Thread ddivulnalert
Title
-
DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal

Severity

High

Date Discovered
---
March 8, 2012

Discovered By
-
Digital Defense, Inc. Vulnerability Research Team
Credit: shmoov and r@b13$

Vulnerability Description
-
The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a 
directory traversal vulnerability within the cgi-bin directory. An 
unauthenticated remote attacker can use this vulnerability to retrieve 
arbitrary files that are located outside the root of the web server.

Solution Description

Production of the cameras employing this version of the ACTi Web 
Configurator has been discontinued. However, a firmware upgrade which 
addresses the issue is available for download from the ACTi support team. 
Please contact the ACTi support team to retrieve the firmware upgrade and 
instructions on how to apply the changes.

Tested Systems / Software
-
ACTi Web Configurator 3.0 - camera version unknown

Vendor Contact
--
Vendor Name: ACTi Corporation | http://www.acti.com/corporate/Brief.asp
Vendor Website: http://www.acti.com/home/index.asp



[Full-disclosure] DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal

2012-04-27 Thread ddivulnalert
Title
-
DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal

Severity

High

Date Discovered
---
March 12, 2012

Discovered By
-
Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$

Vulnerability Description
-
Multiple PacketVideo products contain a directory traversal vulnerability 
within the web server that is running on port 9000. These products are 
vulnerable to the attack regardless of having configured the “Secured Server 
Settings” which are available on the Advanced configuration page. Susceptible 
products include the Twonky 7.0 Special and the TwonkyManager 3.0.

An unauthenticated remote attacker can use this vulnerability to retrieve 
arbitrary files that are located outside the root of the web server.
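Added example, not ACTi's or PacketVideo's code, for the traversal class in this advisory and in DDIVRT-2012-41 above: a lexical web-root confinement for requested paths, plus a detector that runs the same decoding over access-log lines. The web root, function names and log lines are assumptions constructed for the example.

```python
# Added example (not ACTi's or PacketVideo's code): confine a requested URL
# path to the web root, and flag traversal attempts in access logs.
import posixpath
import re
import urllib.parse
from typing import List, Optional, Tuple

MAX_DECODE_PASSES = 2   # enough to see through "%252e%252e", without looping on junk

# Constructed sample in common log format; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2012:10:00:01 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512',
    '192.0.2.77 - - [27/Apr/2012:10:00:02 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 200 1320',
    '192.0.2.77 - - [27/Apr/2012:10:00:03 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0',
    '198.51.100.5 - - [27/Apr/2012:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)')
DOTDOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")


def decode_path(raw: str) -> Optional[str]:
    """Percent-decode until the value is stable (bounded), then reject what a
    file system must never see: NUL bytes, backslashes, or still-encoded residue."""
    path = raw
    for _ in range(MAX_DECODE_PASSES):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    if urllib.parse.unquote(path) != path:
        return None                       # more layers of encoding than we allow
    if "\x00" in path or "\\" in path:
        return None
    return path


def safe_resolve(web_root: str, raw_url_path: str) -> Optional[str]:
    """Map a URL path onto a file under web_root; None if it would escape.
    The ".." segments are collapsed AFTER joining onto the root, so a surplus
    of them climbs above the root and is caught instead of being clamped at "/".
    Purely lexical: a server that follows symlinks must also realpath() the result."""
    path = decode_path(raw_url_path.split("?", 1)[0])
    if path is None:
        return None
    root = posixpath.normpath(web_root)
    target = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if target != root and not target.startswith(root + "/"):
        return None
    return target


def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, raw_request_path) for requests whose decoded path carries
    a '..' segment or cannot be decoded safely, whatever the response status was."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        client, raw = m.group(1), m.group(2)
        decoded = decode_path(raw.split("?", 1)[0])
        if decoded is None or DOTDOT_SEGMENT.search(decoded):
            hits.append((client, raw))
    return hits
```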

Solution Description

PacketVideo has addressed the issue. Contact the vendor for the software update.

Tested Systems / Software
-
Twonky 7.0 Special on Windows Vista
TwonkyManager 3.0 on Windows Vista

Vendor Contact
--
Vendor Name: PacketVideo Corporation | http://www.pv.com/
Vendor Website: http://twonky.com/


[Full-disclosure] [ MDVSA-2012:065 ] php

2012-04-27 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2012:065
 http://www.mandriva.com/security/
 ___

 Package : php
 Date: April 27, 2012
 Affected: 2010.1, 2011.
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in php:
 
 The PDORow implementation in PHP before 5.3.9 does not properly
 interact with the session feature, which allows remote attackers to
 cause a denial of service (application crash) via a crafted application
 that uses a PDO driver for a fetch and then calls the session_start
 function, as demonstrated by a crash of the Apache HTTP Server
 (CVE-2012-0788). Note: this was fixed with php-5.3.10
 
 The php_register_variable_ex function in php_variables.c in PHP
 5.3.9 allows remote attackers to execute arbitrary code via a request
 containing a large number of variables, related to improper handling
 of array variables.  NOTE: this vulnerability exists because of an
 incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed
 with php-5.3.10
 
 PHP before 5.3.10 does not properly perform a temporary change
 to the magic_quotes_gpc directive during the importing of
 environment variables, which makes it easier for remote attackers
 to conduct SQL injection attacks via a crafted request, related to
 main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c
 (CVE-2012-0831).
 
 Insufficient validating of upload name leading to corrupted $_FILES
 indices (CVE-2012-1172).
 
 The updated php packages have been upgraded to 5.3.11 which is not
 vulnerable to these issues.
 
 Stack-based buffer overflow in the suhosin_encrypt_single_cookie
 function in the transparent cookie-encryption feature in the Suhosin
 extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and
 suhosin.multiheader are enabled, might allow remote attackers to
 execute arbitrary code via a long string that is used in a Set-Cookie
 HTTP header (CVE-2012-0807). The php-suhosin packages have been upgraded
 to the 0.9.33 version which is not affected by this issue.
 
 Additionally some of the PECL extensions have been upgraded to their
 latest respective versions, which resolves various upstream bugs.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
 http://www.php.net/ChangeLog-5.php#5.3.10
 http://www.php.net/ChangeLog-5.php#5.3.11
 ___

 Updated Packages:

 Mandriva Linux 2010.1: