Synopsis
The remote web server is running a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities :
- Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)
- A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'.
(CVE-2014-3478)
- A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)
- An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)
- A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)
- A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721)
- An out-of-bounds read error exists in the timelib_meridian_with_check() function due to a failure to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents.
- An out-of-bounds read error exists in the date_parse_from_format() function due to a failure in the date parsing routines to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents.
- An error exists related to unserialization and 'SplFileObject' handling that could allow denial of service attacks. (Bug #67072)
- A double free error exists related to the Intl extension and the method 'Locale::parseLocale' having unspecified impact. (Bug #67349)
- A buffer overflow error exists related to the Intl extension and the functions 'locale_get_display_name' and 'uloc_getDisplayName' having unspecified impact.
(Bug #67397)
Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PHP version 5.4.30 or later.
Plugin Details
File Name: php_5_4_30.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Exploit Ease: No exploit is required
Patch Publication Date: 6/26/2014
Vulnerability Publication Date: 6/26/2014
Reference Information
CVE: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4721
BID: 68243, 68423, 68550, 67837, 68007, 68120, 68237, 68238, 68239, 68241