CVE-2013-6420

high

Description

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

References

http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!

http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

http://rhn.redhat.com/errata/RHSA-2013-1813.html

http://rhn.redhat.com/errata/RHSA-2013-1815.html

http://rhn.redhat.com/errata/RHSA-2013-1824.html

http://rhn.redhat.com/errata/RHSA-2013-1825.html

http://rhn.redhat.com/errata/RHSA-2013-1826.html

http://secunia.com/advisories/59652

http://support.apple.com/kb/HT6150

http://www.debian.org/security/2013/dsa-2816

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/64225

http://www.securitytracker.com/id/1029472

http://www.ubuntu.com/usn/USN-2055-1

https://bugzilla.redhat.com/show_bug.cgi?id=1036830

https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322

https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html

Details

Source: MITRE

Published: 2013-12-17

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.1 (inclusive)

Configuration 4

OR

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.27 (inclusive)

Configuration 5

OR

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

Tenable Plugins

36 plugins total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124998 | EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545) | Nessus | Huawei Local Security Checks | critical |
| 102079 | Juniper Junos PHP multiple vulnerabilities (JSA10804) | Nessus | Junos Local Security Checks | high |
| 83607 | SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1) | Nessus | SuSE Local Security Checks | high |
| 80737 | Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation) | Nessus | Solaris Local Security Checks | high |
| 78987 | RHEL 5 : php53 (RHSA-2013:1825) | Nessus | Red Hat Local Security Checks | high |
| 78986 | RHEL 5 / 6 : php (RHSA-2013:1824) | Nessus | Red Hat Local Security Checks | high |
| 78090 | HP System Management Homepage < 7.4 Multiple Vulnerabilities | Nessus | Web Servers | high |
| 77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 74876 | openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1) | Nessus | SuSE Local Security Checks | high |
| 8138 | Mac OS X < 10.9.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 72688 | Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 72687 | Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 72082 | Mandriva Linux Security Advisory : php (MDVSA-2014:014) | Nessus | Mandriva Local Security Checks | high |
| 71965 | SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684) | Nessus | SuSE Local Security Checks | high |
| 71964 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710) | Nessus | SuSE Local Security Checks | high |
| 71931 | Slackware 14.0 / 14.1 / current : php (SSA:2014-013-03) | Nessus | Slackware Local Security Checks | high |
| 71576 | Amazon Linux AMI : php55 (ALAS-2013-264) | Nessus | Amazon Linux Local Security Checks | high |
| 71575 | Amazon Linux AMI : php54 (ALAS-2013-263) | Nessus | Amazon Linux Local Security Checks | high |
| 71574 | Amazon Linux AMI : php (ALAS-2013-262) | Nessus | Amazon Linux Local Security Checks | high |
| 71552 | Fedora 18 : php-5.4.23-1.fc18 (2013-23215) | Nessus | Fedora Local Security Checks | high |
| 71549 | Fedora 20 : php-5.5.7-1.fc20 (2013-23164) | Nessus | Fedora Local Security Checks | high |
| 71451 | FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771) | Nessus | FreeBSD Local Security Checks | high |
| 71428 | PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption | Nessus | CGI abuses | high |
| 71427 | PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption | Nessus | CGI abuses | high |
| 71426 | PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities | Nessus | CGI abuses | high |
| 71402 | Debian DSA-2816-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 71394 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1) | Nessus | Ubuntu Local Security Checks | high |
| 71386 | Fedora 19 : php-5.5.7-1.fc19 (2013-23208) | Nessus | Fedora Local Security Checks | high |
| 71373 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical |
| 71372 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | high |
| 71367 | Oracle Linux 5 : php (ELSA-2013-1814) | Nessus | Oracle Linux Local Security Checks | critical |
| 71356 | CentOS 5 : php (CESA-2013:1814) | Nessus | CentOS Local Security Checks | critical |
| 71355 | CentOS 5 / 6 : php / php53 (CESA-2013:1813) | Nessus | CentOS Local Security Checks | high |
| 71337 | RHEL 5 : php (RHSA-2013:1814) | Nessus | Red Hat Local Security Checks | critical |
| 71336 | RHEL 5 / 6 : php53 and php (RHSA-2013:1813) | Nessus | Red Hat Local Security Checks | high |
| 71334 | Oracle Linux 5 / 6 : php / php53 (ELSA-2013-1813) | Nessus | Oracle Linux Local Security Checks | high |