Detections
Analytics

PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8787

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.5.x prior to 5.5.26, or 5.6.x prior to 5.6.10 are exposed to the following vulnerabilities :

 - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the 'compile_branch()' and 'pcre_compile2()' functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)
 - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)
 - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the 'sqlite3VdbeExec()' function in 'vdbe.c'. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)
 - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the 'sqlite3VXPrintf()' function in 'printf.c'. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)
 - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)
 - An arbitrary command injection vulnerability exists due to a flaw in the 'php_escape_shell_arg()' function in 'exec.c'. A remote attacker can exploit this, via the 'escapeshellarg()' PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)
 - A heap buffer overflow condition exists in the 'ftp_genlist()' function in 'ftp.c'. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643)
 - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the 'build_tablename()' function in 'pgsql.c'. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)

Solution

Apply the vendor patch or upgrade to PHP version 5.6.10 or later.

See Also

http://php.net/ChangeLog-5.php#5.5.26

http://php.net/ChangeLog-5.php#5.6.10

https://bugs.php.net/bug.php?id=68812

https://bugs.php.net/bug.php?id=68776

https://bugs.php.net/bug.php?id=69667

https://bugs.php.net/bug.php?id=69721

https://bugs.php.net/bug.php?id=69737

https://bugs.php.net/bug.php?id=69646

http://seclists.org/bugtraq/2015/Jun/59

Plugin Details

Severity: Medium

ID: 8787

Family: Web Servers

Published: 6/18/2015

Updated: 3/6/2019

Nessus ID: 84362, 84363, 84364

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 6/9/2015

Vulnerability Publication Date: 6/9/2015

Reference Information

CVE: CVE-2015-2325, CVE-2015-2326, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-4598, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644

BID: 75174, 75175, 75244, 75291, 75292, 74228, 75290