Detections
Analytics

PHP 5.4.x < 5.4.17 Buffer Overflow

high Nessus Plugin ID 67260

Language:

Synopsis

The remote web server uses a version of PHP that is potentially affected by a buffer overflow vulnerability.

Description

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.17. It is, therefore, potentially affected by a buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'.

Note that this plugin does not attempt to exploit this vulnerability, but instead, relies only on PHP's self-reported version number.

Solution

Apply the vendor patch or upgrade to PHP version 5.4.17 or later.

See Also

https://bugs.php.net/bug.php?id=64949

http://www.php.net/ChangeLog-5.php#5.4.17

Plugin Details

Severity: High

ID: 67260

File Name: php_5_4_17.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 7/12/2013

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 7/4/2013

Vulnerability Publication Date: 7/4/2013