SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)

high Nessus Plugin ID 76909

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

PHP 5.3 has been updated to fix several security problems :

- The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage. (CVE-2014-3515)

- The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. (CVE-2014-0207)

- Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. (CVE-2014-3478)

- The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP relied on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. (CVE-2014-3479)

- The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file.
(CVE-2014-3480)

- The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3487)

- Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
(CVE-2014-4670)

- Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
(CVE-2014-4698)

- The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. (CVE-2014-4721)

Solution

Apply SAT patch number 9537.

Plugin Details

Severity: High

ID: 76909

File Name: suse_11_apache2-mod_php53-140720.nasl

Version: 1.8

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 7/30/2014

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:php53-iconv, p-cpe:/a:novell:suse_linux:11:php53, p-cpe:/a:novell:suse_linux:11:php53-pear, p-cpe:/a:novell:suse_linux:11:php53-zip, p-cpe:/a:novell:suse_linux:11:php53-gettext, p-cpe:/a:novell:suse_linux:11:php53-json, p-cpe:/a:novell:suse_linux:11:php53-mbstring, p-cpe:/a:novell:suse_linux:11:php53-ftp, p-cpe:/a:novell:suse_linux:11:php53-mcrypt, p-cpe:/a:novell:suse_linux:11:php53-pgsql, p-cpe:/a:novell:suse_linux:11:php53-shmop, p-cpe:/a:novell:suse_linux:11:php53-sysvshm, p-cpe:/a:novell:suse_linux:11:php53-wddx, p-cpe:/a:novell:suse_linux:11:php53-soap, p-cpe:/a:novell:suse_linux:11:php53-intl, p-cpe:/a:novell:suse_linux:11:php53-dba, p-cpe:/a:novell:suse_linux:11:php53-suhosin, p-cpe:/a:novell:suse_linux:11:php53-calendar, p-cpe:/a:novell:suse_linux:11:php53-mysql, p-cpe:/a:novell:suse_linux:11:php53-curl, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:php53-xsl, p-cpe:/a:novell:suse_linux:11:php53-gd, p-cpe:/a:novell:suse_linux:11:php53-pcntl, p-cpe:/a:novell:suse_linux:11:php53-gmp, p-cpe:/a:novell:suse_linux:11:php53-openssl, p-cpe:/a:novell:suse_linux:11:php53-zlib, p-cpe:/a:novell:suse_linux:11:php53-tokenizer, p-cpe:/a:novell:suse_linux:11:php53-ldap, p-cpe:/a:novell:suse_linux:11:php53-ctype, p-cpe:/a:novell:suse_linux:11:php53-fastcgi, p-cpe:/a:novell:suse_linux:11:php53-pspell, p-cpe:/a:novell:suse_linux:11:php53-fileinfo, p-cpe:/a:novell:suse_linux:11:php53-sysvsem, p-cpe:/a:novell:suse_linux:11:php53-xmlreader, p-cpe:/a:novell:suse_linux:11:php53-xmlwriter, p-cpe:/a:novell:suse_linux:11:php53-exif, p-cpe:/a:novell:suse_linux:11:apache2-mod_php53, p-cpe:/a:novell:suse_linux:11:php53-pdo, p-cpe:/a:novell:suse_linux:11:php53-odbc, p-cpe:/a:novell:suse_linux:11:php53-dom, p-cpe:/a:novell:suse_linux:11:php53-snmp, p-cpe:/a:novell:suse_linux:11:php53-sysvmsg, p-cpe:/a:novell:suse_linux:11:php53-bcmath, p-cpe:/a:novell:suse_linux:11:php53-xmlrpc, p-cpe:/a:novell:suse_linux:11:php53-bz2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/20/2014

Reference Information

CVE: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721

Detections

Analytics