ID

VAR-202002-0084


CVE

CVE-2011-3336


TITLE

Resource exhaustion vulnerability in regcomp of BSD implementation

Trust: 0.8

sources: JVNDB: JVNDB-2011-005609

DESCRIPTION

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to read and write files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected.

Successful exploits will allow attackers to make applications that use the affected library unresponsive, denying service to legitimate users. The libc libraries of the following platforms are affected: NetBSD 5.1, OpenBSD 5.0, FreeBSD 8.2, and Apple Mac OS X. Other versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation.

Trust: 2.25

sources: NVD: CVE-2011-3336 // JVNDB: JVNDB-2011-005609 // BID: 37032 // BID: 50541 // VULHUB: VHN-51281

AFFECTED PRODUCTS

vendor: freebsd // model: freebsd // scope: eq // version: 8.2

Trust: 1.3

vendor: openbsd // model: openbsd // scope: eq // version: 5.0

Trust: 1.0

vendor: php // model: php // scope: lte // version: 5.3.10

Trust: 1.0

vendor: php // model: php // scope: gte // version: 5.3.0

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.6.0

Trust: 1.0

vendor: apple // model: mac os x // scope: lte // version: 10.7.2

Trust: 1.0

vendor: freebsd // model: freebsd // scope: - // version: -

Trust: 0.8

vendor: openbsd // model: openbsd // scope: - // version: -

Trust: 0.8

vendor: the php group // model: php // scope: - // version: -

Trust: 0.8

vendor: apple // model: mac os x // scope: - // version: -

Trust: 0.8

vendor: php // model: php // scope: eq // version: 5.3

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.3

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.4

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.10

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.1

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.6

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.8

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.5

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.7

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.2

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.3.9

Trust: 0.6

vendor: php // model: rc1 // scope: eq // version: 5.3.4

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.2.11

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.2.12

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.7.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.7

Trust: 0.3

vendor: netbsd // model: netbsd // scope: eq // version: 5.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.7.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.8

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.7.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.7

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.7.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.3

Trust: 0.3

sources: BID: 37032 // BID: 50541 // JVNDB: JVNDB-2011-005609 // NVD: CVE-2011-3336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3336
value: HIGH

Trust: 1.0

NVD: JVNDB-2011-005609
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201111-154
value: HIGH

Trust: 0.6

VULHUB: VHN-51281
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3336
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2011-005609
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-51281
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2011-3336
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2011-005609
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-51281 // JVNDB: JVNDB-2011-005609 // CNNVD: CNNVD-201111-154 // NVD: CVE-2011-3336

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-51281 // JVNDB: JVNDB-2011-005609 // NVD: CVE-2011-3336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-154

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201111-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005609

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-51281

PATCH

title: Top Page // url: https://www.apple.com/

Trust: 0.8

title: Top Page // url: https://www.freebsd.org/

Trust: 0.8

title: Top Page // url: https://www.openbsd.org/

Trust: 0.8

title: Top Page // url: https://www.php.net/

Trust: 0.8

title: NetBSD/OpenBSD/FreeBSD/Apple Multiple vendors libc Library Stack Lost Denial of Service Vulnerability Fixes // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108022

Trust: 0.6

sources: JVNDB: JVNDB-2011-005609 // CNNVD: CNNVD-201111-154

EXTERNAL IDS

db: NVD // id: CVE-2011-3336

Trust: 2.8

db: BID // id: 50541

Trust: 2.0

db: CXSECURITY // id: WLB-2011110082

Trust: 1.7

db: JVNDB // id: JVNDB-2011-005609

Trust: 0.8

db: CNNVD // id: CNNVD-201111-154

Trust: 0.7

db: CXSECURITY // id: WLB-2012030272

Trust: 0.6

db: BID // id: 37032

Trust: 0.3

db: EXPLOIT-DB // id: 36288

Trust: 0.1

db: PACKETSTORM // id: 106589

Trust: 0.1

db: VULHUB // id: VHN-51281

Trust: 0.1

sources: VULHUB: VHN-51281 // BID: 37032 // BID: 50541 // JVNDB: JVNDB-2011-005609 // CNNVD: CNNVD-201111-154 // NVD: CVE-2011-3336

REFERENCES

url:https://www.securityfocus.com/archive/1/520390

Trust: 2.5

url:http://www.securityfocus.com/bid/50541

Trust: 1.7

url:http://seclists.org/fulldisclosure/2014/mar/166

Trust: 1.7

url:https://cxsecurity.com/issue/wlb-2011110082

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2011-3336

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3336

Trust: 0.8

url:http://cxsecurity.com/issue/wlb-2012030272

Trust: 0.6

url:http://securityreason.com/achievement_securityalert/70

Trust: 0.3

url:http://securityreason.com/achievement_exploitalert/14

Trust: 0.3

url:http://www.php.net/

Trust: 0.3

url:http://securityreason.com/achievement_securityalert/102

Trust: 0.3

url:/archive/1/520390

Trust: 0.3

sources: VULHUB: VHN-51281 // BID: 37032 // BID: 50541 // JVNDB: JVNDB-2011-005609 // CNNVD: CNNVD-201111-154 // NVD: CVE-2011-3336

CREDITS

Maksymilian Arciemowicz

Trust: 1.2

sources: BID: 37032 // BID: 50541 // CNNVD: CNNVD-201111-154

SOURCES

db: VULHUB // id: VHN-51281
db: BID // id: 37032
db: BID // id: 50541
db: JVNDB // id: JVNDB-2011-005609
db: CNNVD // id: CNNVD-201111-154
db: NVD // id: CVE-2011-3336

LAST UPDATE DATE

2024-08-14T13:44:25.151000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-51281 // date: 2020-02-18T00:00:00
db: BID // id: 37032 // date: 2015-03-19T08:39:00
db: BID // id: 50541 // date: 2014-03-17T11:35:00
db: JVNDB // id: JVNDB-2011-005609 // date: 2020-03-03T00:00:00
db: CNNVD // id: CNNVD-201111-154 // date: 2021-07-12T00:00:00
db: NVD // id: CVE-2011-3336 // date: 2020-02-18T19:49:54.197

SOURCES RELEASE DATE

db: VULHUB // id: VHN-51281 // date: 2020-02-12T00:00:00
db: BID // id: 37032 // date: 2009-11-13T00:00:00
db: BID // id: 50541 // date: 2011-11-04T00:00:00
db: JVNDB // id: JVNDB-2011-005609 // date: 2020-03-03T00:00:00
db: CNNVD // id: CNNVD-201111-154 // date: 1900-01-01T00:00:00
db: NVD // id: CVE-2011-3336 // date: 2020-02-12T20:15:13.353