PHP 5.5.x < 5.5.34 / 5.6.x < 5.6.20 / 7.0.x < 7.0.5 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9171

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP 5.5.x versions prior to 5.5.34, 5.6.x versions prior to 5.6.20, and 7.0.x versions prior to 7.0.5 are vulnerable to the following issues:

- A format string flaw exists in the 'php_snmp_error()' function in 'ext/snmp/snmp.c'. The issue is triggered because string format specifiers (e.g. %s and %x) are not properly used. With a specially crafted SNMP object, a remote attacker can cause a denial of service or potentially execute arbitrary code.
- An invalid memory write is triggered when handling the path of phar filenames. This may allow a remote attacker to have an unspecified impact.
- A flaw exists in the 'mbfl_strcut()' function in 'ext/mbstring/libmbfl/mbfl/mbfilter.c'. This issue is triggered when handling negative sz values. This may allow a remote attacker to cause a crash.
- An integer overflow condition exists in the 'php_raw_url_encode()' function in 'ext/standard/url.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to have an unspecified impact.

Solution

Upgrade to PHP version 7.0.5 or later. If upgrading to 7.x is not possible, versions 5.6.20 and 5.5.34 also contain the patches for these vulnerabilities.
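
The version ranges above can be checked against HTTP banners collected from an inventory. The following is an added example, not the plugin's own logic: the function name, result labels and sample banners are assumptions made here, and it assumes the PHP version is disclosed as a "PHP/x.y.z" token in a Server or X-Powered-By header.

```python
import re

# First fixed patch level per affected branch, from the advisory above.
FIXED = {(5, 5): 34, (5, 6): 20, (7, 0): 5}

# "PHP/x.y.z" token as sent in Server / X-Powered-By headers, with an
# optional pre-release suffix (RC1, beta2, -dev).
PHP_TOKEN = re.compile(
    r"PHP/(\d+)\.(\d+)\.(\d+)((?:RC|alpha|beta)\d*|-dev)?", re.IGNORECASE)


def classify(banner):
    """Return 'affected', 'fixed', 'review', 'out-of-scope' or 'unknown'."""
    m = PHP_TOKEN.search(banner)
    if m is None:
        return "unknown"                 # no PHP version disclosed
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "out-of-scope"            # branch not listed by this plugin
    if patch < fixed_patch:
        return "affected"
    if patch == fixed_patch and m.group(4):
        return "review"                  # pre-release build of the fixed version
    return "fixed"


# Constructed sample banners (hypothetical, not captured traffic).
SAMPLES = [
    "Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14",
    "PHP/5.6.20",
    "PHP/7.0.4",
    "PHP/7.0.5RC1",
    "PHP/5.4.45",
    "nginx/1.10.0",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):13} {banner}")
```

Distribution packages may backport fixes without changing the upstream version number, so an "affected" result from a banner is a lead to confirm on the host.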

See Also

http://www.php.net/ChangeLog-5.php#5.5.34

http://www.php.net/ChangeLog-5.php#5.6.20

http://www.php.net/ChangeLog-7.php#7.0.5

Plugin Details

Severity: Critical

ID: 9171

Family: Web Servers

Published: 4/8/2016

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 3/31/2016

Vulnerability Publication Date: 3/29/2016