Detections
Analytics

PHP 5.6.x < 5.6.27 Multiple Vulnerabilities

critical Nessus Plugin ID 94106

Language:

Synopsis

The version of PHP running on the remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities :

 - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML() function within file ext/simplexml/simplexml.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A heap-based buffer overflow condition exists in the php_ereg_replace() function within file ext/ereg/ereg.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

 - A flaw exists in the openssl_random_pseudo_bytes() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A flaw exists in the openssl_encrypt() function within file ext/openssl/openssl.c when handling strings larger than 2GB. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - An integer overflow condition exists in the imap_8bit() function within file ext/imap/php_imap.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

 - A flaw exists in the _bc_new_num_ex() function within file ext/bcmath/libbcmath/src/init.c when handling values passed via the 'scale' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A flaw exists in the php_resolve_path() function within file main/fopen_wrappers.c when handling negative size values passed via the 'filename' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A flaw exists in the dom_document_save_html() function within file ext/dom/document.c due to missing NULL checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A use-after-free error exists in the unserialize() function that allows an unauthenticated, remote attacker to dereference already freed memory, resulting in the execution of arbitrary code.

 - An integer overflow condition exists in the mb_encode_*() functions in file ext/mbstring/mbstring.c due to improper validation of the length of encoded data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

 - A NULL pointer dereference flaw exists in the CachingIterator() function within file ext/spl/spl_iterators.c when handling string conversions. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - An integer overflow condition exists in the number_format() function within file ext/standard/math.c when handling 'decimals' and 'dec_point' parameters that have values that are equal or close to 0x7fffffff. An unauthenticated, remote attacker can exploit this to cause a heap buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

 - A stack-based overflow condition exists in the ResourceBundle::create and ResourceBundle::getLocales methods and their respective functions within file ext/intl/resourcebundle/resourcebundle_class.c due to improper validation of input passed via the 'bundlename' parameter. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution or arbitrary code.

 - An integer overflow condition exists in the php_pcre_replace_impl() function within file ext/pcre/php_pcre.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to PHP version 5.6.27 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.6.27

Plugin Details

Severity: Critical

ID: 94106

File Name: php_5_6_27.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/18/2016

Updated: 5/31/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 10/13/2016

Vulnerability Publication Date: 10/11/2016