CVE-2015-5589

HIGH

Description

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

References

http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf

http://openwall.com/lists/oss-security/2015/07/18/1

http://php.net/ChangeLog-5.php

http://www.debian.org/security/2015/dsa-3344

http://www.securityfocus.com/bid/75974

https://bugs.php.net/bug.php?id=69958

Details

Source: MITRE

Published: 2016-05-16

Updated: 2017-11-04

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.42 (inclusive)

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
98803	PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Web Application Scanning	Component Vulnerability	critical
119970	SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1425-1)	Nessus	SuSE Local Security Checks	critical
93161	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)	Nessus	SuSE Local Security Checks	critical
8955	PHP 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
8954	PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus Network Monitor	Web Servers	high
8953	PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus Network Monitor	Web Servers	critical
86221	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)	Nessus	Ubuntu Local Security Checks	critical
85808	Debian DLA-307-1 : php5 security update	Nessus	Debian Local Security Checks	critical
85723	SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1466-1)	Nessus	SuSE Local Security Checks	critical
85664	Debian DSA-3344-1 : php5 - security update	Nessus	Debian Local Security Checks	critical
85458	Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85457	Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85456	Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85259	openSUSE Security Update : php5 (openSUSE-2015-536)	Nessus	SuSE Local Security Checks	critical
85061	Fedora 21 : php-5.6.11-1.fc21 (2015-11581)	Nessus	Fedora Local Security Checks	critical
84862	FreeBSD : php-phar -- multiple vulnerabilities (8b1f53f3-2da5-11e5-86ff-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	critical
84673	PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical
84672	PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical
84671	PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical