CVE-2014-3710

Severity: medium

Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

References

http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d

http://linux.oracle.com/errata/ELSA-2014-1767.html

http://linux.oracle.com/errata/ELSA-2014-1768.html

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://rhn.redhat.com/errata/RHSA-2014-1767.html

http://rhn.redhat.com/errata/RHSA-2014-1768.html

http://rhn.redhat.com/errata/RHSA-2016-0760.html

http://secunia.com/advisories/60630

http://secunia.com/advisories/60699

http://secunia.com/advisories/61763

http://secunia.com/advisories/61970

http://secunia.com/advisories/61982

http://secunia.com/advisories/62347

http://secunia.com/advisories/62559

http://www.debian.org/security/2014/dsa-3072

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70807

http://www.securitytracker.com/id/1031344

http://www.ubuntu.com/usn/USN-2391-1

http://www.ubuntu.com/usn/USN-2494-1

https://bugs.php.net/bug.php?id=68283

https://bugzilla.redhat.com/show_bug.cgi?id=1155071

https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0

https://security.gentoo.org/glsa/201503-03

https://security.gentoo.org/glsa/201701-42

https://support.apple.com/HT204659

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Details

Source: MITRE

Published: 2014-11-05

Updated: 2018-01-05

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.34:*:*:*:*:*:*:*

Tenable Plugins

46 total

ID | Name | Product | Family | Severity
700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
98820 | PHP 5.6.x < 5.6.3 donote DoS | Web Application Scanning | Component Vulnerability | medium
106092 | SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1) | Nessus | SuSE Local Security Checks | critical
96576 | GLSA-201701-42 : file: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
91537 | Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510) | Nessus | Scientific Linux Local Security Checks | high
91167 | CentOS 6 : file (CESA-2016:0760) | Nessus | CentOS Local Security Checks | high
91155 | OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050) | Nessus | OracleVM Local Security Checks | high
91149 | Oracle Linux 6 : file (ELSA-2016-0760) | Nessus | Oracle Linux Local Security Checks | high
91074 | RHEL 6 : file (RHSA-2016:0760) | Nessus | Red Hat Local Security Checks | high
87555 | Scientific Linux Security Update : file on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high
87137 | CentOS 7 : file (CESA-2015:2155) | Nessus | CentOS Local Security Checks | high
87027 | Oracle Linux 7 : file (ELSA-2015-2155) | Nessus | Oracle Linux Local Security Checks | high
86973 | RHEL 7 : file (RHSA-2015:2155) | Nessus | Red Hat Local Security Checks | high
83850 | SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2014:1555-1) | Nessus | SuSE Local Security Checks | medium
82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical
82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical
82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high
82239 | Debian DLA-94-1 : php5 security update | Nessus | Debian Local Security Checks | high
82231 | Debian DLA-86-1 : file security update | Nessus | Debian Local Security Checks | medium
81688 | GLSA-201503-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
8908 | PHP 5.4.x < 5.4.35 / 5.5.x < 5.5.19 / 5.6.x < 5.6.3 Out-of-Bounds Read | Nessus Network Monitor | Web Servers | medium
81178 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : file vulnerabilities (USN-2494-1) | Nessus | Ubuntu Local Security Checks | medium
80351 | FreeBSD : file -- multiple vulnerabilities (9575259a-92d5-11e4-bce6-d050992ecde8) | Nessus | FreeBSD Local Security Checks | medium
80205 | Slackware 14.0 / 14.1 / current : php (SSA:2014-356-02) | Nessus | Slackware Local Security Checks | high
79632 | Mandriva Linux Security Advisory : file (MDVSA-2014:236) | Nessus | Mandriva Local Security Checks | medium
79616 | openSUSE Security Update : file (openSUSE-SU-2014:1516-1) | Nessus | SuSE Local Security Checks | medium
79561 | Amazon Linux AMI : file (ALAS-2014-453) | Nessus | Amazon Linux Local Security Checks | medium
79559 | Amazon Linux AMI : php55 (ALAS-2014-451) | Nessus | Amazon Linux Local Security Checks | medium
79558 | Amazon Linux AMI : php54 (ALAS-2014-450) | Nessus | Amazon Linux Local Security Checks | medium
79414 | SuSE 11.3 Security Update : file (SAT Patch Number 9982) | Nessus | SuSE Local Security Checks | medium
79339 | Debian DSA-3074-1 : php5 - security update | Nessus | Debian Local Security Checks | medium
79248 | PHP 5.6.x < 5.6.3 'donote' DoS | Nessus | CGI abuses | medium
79247 | PHP 5.5.x < 5.5.19 'donote' DoS | Nessus | CGI abuses | medium
79246 | PHP 5.4.x < 5.4.35 'donote' DoS | Nessus | CGI abuses | medium
79221 | Debian DSA-3072-1 : file - security update | Nessus | Debian Local Security Checks | medium
79086 | Fedora 21 : file-5.19-7.fc21 (2014-13535) | Nessus | Fedora Local Security Checks | medium
78853 | Scientific Linux Security Update : php on SL6.x, SL7.x i386/x86_64 (20141030) | Nessus | Scientific Linux Local Security Checks | high
78852 | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030) | Nessus | Scientific Linux Local Security Checks | high
78783 | CentOS 5 : php53 (CESA-2014:1768) | Nessus | CentOS Local Security Checks | high
78782 | CentOS 6 / 7 : php (CESA-2014:1767) | Nessus | CentOS Local Security Checks | high
78761 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2391-1) | Nessus | Ubuntu Local Security Checks | high
78760 | RHEL 5 : php53 (RHSA-2014:1768) | Nessus | Red Hat Local Security Checks | high
78759 | RHEL 6 / 7 : php (RHSA-2014:1767) | Nessus | Red Hat Local Security Checks | high
78755 | Oracle Linux 5 : php53 (ELSA-2014-1768) | Nessus | Oracle Linux Local Security Checks | high
78754 | Oracle Linux 6 / 7 : php (ELSA-2014-1767) | Nessus | Oracle Linux Local Security Checks | high
78728 | Fedora 20 : file-5.19-7.fc20 (2014-13571) | Nessus | Fedora Local Security Checks | medium