Detections
Analytics

PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass

medium Nessus Plugin ID 17714

Language:

Synopsis

The remote web server uses a version of PHP that is affected by a security bypass vulnerability.

Description

According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface (ffi) extension does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function.

Solution

Upgrade to PHP version 5.1.0 or later.

See Also

http://pecl.php.net/package-info.php?package=ffi

Plugin Details

Severity: Medium

ID: 17714

File Name: php_ffi_security_bypass.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 11/18/2011

Updated: 11/22/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2007-4528

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP, installed_sw/PHP, Settings/PCI_DSS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/24/2005

Vulnerability Publication Date: 8/23/2007

Reference Information

CVE: CVE-2007-4528