Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59270
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59513
http://secunia.com/advisories/59652
http://secunia.com/advisories/60998
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2961
http://www.openwall.com/lists/oss-security/2014/06/13/4
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/68007
http://www.securitytracker.com/id/1030435
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
https://bugzilla.redhat.com/show_bug.cgi?id=1108447
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:*:beta4:*:*:*:*:*:* versions up to 5.6.0 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
83630 | SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0868-1) | Nessus | SuSE Local Security Checks | medium |
82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical |
82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical |
82333 | Mandriva Linux Security Advisory : php (MDVSA-2015:080) | Nessus | Mandriva Local Security Checks | high |
78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high |
78336 | Amazon Linux AMI : php (ALAS-2014-393) | Nessus | Amazon Linux Local Security Checks | high |
78315 | Amazon Linux AMI : php55 (ALAS-2014-372) | Nessus | Amazon Linux Local Security Checks | high |
78310 | Amazon Linux AMI : php54 (ALAS-2014-367) | Nessus | Amazon Linux Local Security Checks | high |
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
77742 | SuSE 11.3 Security Update : php53 (SAT Patch Number 9718) | Nessus | SuSE Local Security Checks | medium |
77720 | openSUSE Security Update : php5 (openSUSE-SU-2014:1133-1) | Nessus | SuSE Local Security Checks | medium |
77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
77285 | PHP 5.3.x < 5.3.29 Multiple Vulnerabilities | Nessus | CGI abuses | high |
77241 | FreeBSD : PHP multiple vulnerabilities (d2a892b9-2605-11e4-9da0-00a0986f28c4) | Nessus | FreeBSD Local Security Checks | high |
77047 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806) | Nessus | Scientific Linux Local Security Checks | high |
77044 | Oracle Linux 7 : php (ELSA-2014-1013) | Nessus | Oracle Linux Local Security Checks | high |
77043 | Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012) | Nessus | Oracle Linux Local Security Checks | high |
77033 | CentOS 7 : php (CESA-2014:1013) | Nessus | CentOS Local Security Checks | high |
77032 | CentOS 5 / 6 : php / php53 (CESA-2014:1012) | Nessus | CentOS Local Security Checks | high |
77016 | RHEL 7 : php (RHSA-2014:1013) | Nessus | Red Hat Local Security Checks | high |
77015 | RHEL 5 / 6 : php53 and php (RHSA-2014:1012) | Nessus | Red Hat Local Security Checks | high |
76476 | Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01) | Nessus | Slackware Local Security Checks | high |
76438 | Mandriva Linux Security Advisory : php (MDVSA-2014:130) | Nessus | Mandriva Local Security Checks | high |
76367 | SuSE 11.3 Security Update : php53 (SAT Patch Number 9450) | Nessus | SuSE Local Security Checks | medium |
8320 | PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
76282 | PHP 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus | CGI abuses | high |
76281 | PHP 5.4.x < 5.4.30 Multiple Vulnerabilities | Nessus | CGI abuses | high |
76249 | Ubuntu 13.10 / 14.04 LTS : php5 updates (USN-2254-2) | Nessus | Ubuntu Local Security Checks | high |
76230 | openSUSE Security Update : php5 (openSUSE-SU-2014:0841-1) | Nessus | SuSE Local Security Checks | medium |
76201 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2254-1) | Nessus | Ubuntu Local Security Checks | high |
76082 | Debian DSA-2961-1 : php5 - security update | Nessus | Debian Local Security Checks | medium |