CVE-2015-4604

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

References

http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2015-1135.html

http://rhn.redhat.com/errata/RHSA-2015-1186.html

http://rhn.redhat.com/errata/RHSA-2015-1187.html

http://www.openwall.com/lists/oss-security/2015/06/16/12

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/75241

http://www.securitytracker.com/id/1032709

https://bugs.php.net/bug.php?id=68819

Details

Source: MITRE

Published: 2016-05-16

Updated: 2019-04-22

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.39 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
124997EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)NessusHuawei Local Security Checks
critical
98831PHP 5.6.x < 5.6.8 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
88811F5 Networks BIG-IP : Multiple PHP vulnerabilities (K17061)NessusF5 Networks Local Security Checks
critical
85808Debian DLA-307-1 : php5 security updateNessusDebian Local Security Checks
critical
84563Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)NessusUbuntu Local Security Checks
critical
84557openSUSE Security Update : php5 (openSUSE-2015-471)NessusSuSE Local Security Checks
critical
84394Scientific Linux Security Update : php on SL7.x x86_64 (20150623)NessusScientific Linux Local Security Checks
critical
84355RHEL 7 : php (RHSA-2015:1135)NessusRed Hat Local Security Checks
critical
84351Oracle Linux 7 : php (ELSA-2015-1135)NessusOracle Linux Local Security Checks
critical
84345CentOS 7 : php (CESA-2015:1135)NessusCentOS Local Security Checks
critical
8784PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
critical
83035PHP 5.6.x < 5.6.8 Multiple VulnerabilitiesNessusCGI abuses
critical
83034PHP 5.5.x < 5.5.24 Multiple VulnerabilitiesNessusCGI abuses
critical
83033PHP 5.4.x < 5.4.40 Multiple VulnerabilitiesNessusCGI abuses
critical