Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
Versions of PHP 5.4.x earlier than 5.4.30, or 5.5.x earlier than 5.5.14 are exposed to the following issues :
- Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain' and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)
- A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'. (CVE-2014-3478)
- A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)
- An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)
- A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)
- A type-confusion error exists related to the 'php_print_info' function which could allow disclosure of sensitive information. (CVE-2014-4721)
- An error exists related to the unserialization and 'SplFileObject' handling that could allow denial of service attacks. (Bug 67072)
- A double free error exists related to the 'Intl' extension and the method 'Locale::parseLocale' having an unspecified impact. (Bug 67349)
- A buffer overflow error exists related to the 'Intl' extension and the functions 'locale_get_display_name' and 'uloc_getDisplayName' having unspecified impact. (Bug 67397)
- An out-of-bounds read flaw affects the date_parse_from_format() function in 'ext/date/lib/parse_date.c' that is triggered as date parsing routines fail to check the end of strings. This may allow a remote attacker to crash an application linked against PHP or potentially disclose memory contents. (Bug 67251)
- An out-of-bounds read flaw affects the timelib_meridian_with_check() function in 'ext/date/lib/parse_date.c' that is triggered as string ends are not properly checked. This may allow a remote attacker to crash an application linked against PHP or potentially disclose memory contents. (Bug 67253)
Solution
Upgrade to PHP version 5.5.14 or later. If 5.5.x cannot be installed, 5.4.30 is also patched for these vulnerabilities.
Plugin Details
Nessus ID: 76281, 76282
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:php:php
Patch Publication Date: 6/26/2014
Vulnerability Publication Date: 6/26/2014
Reference Information
CVE: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4721
BID: 67837, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68550