Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing patches that address the
following security issues :

- Session fixation vulnerability in the Sessions subsystem
in PHP before 5.5.2 allows remote attackers to hijack
web sessions by specifying a session ID. (CVE-2011-4718)

- Unspecified vulnerability in the _php_stream_scandir
function in the stream implementation in PHP before
5.3.15 and 5.4.x before 5.4.5 has unknown impact and
remote attack vectors, related to an 'overflow.'
(CVE-2012-2688)

- The SQLite functionality in PHP before 5.3.15 allows
remote attackers to bypass the open_basedir protection
mechanism via unspecified vectors. (CVE-2012-3365)

- ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before
5.4.13 does not validate the relationship between the
soap.wsdl_cache_dir directive and the open_basedir
directive, which allows remote attackers to bypass
intended access restrictions by triggering the creation
of cached SOAP WSDL files in an arbitrary directory.
(CVE-2013-1635)

- The SOAP parser in PHP before 5.3.23 and 5.4.x before
5.4.13 allows remote attackers to read arbitrary files
via a SOAP WSDL file containing an XML external entity
declaration in conjunction with an entity reference,
related to an XML External Entity (XXE) issue in the
soap_xmlParseFile and soap_xmlParseMemory functions.
NOTE: this vulnerability exists because of an incorrect
fix for CVE-2013-1824. (CVE-2013-1643)

- Heap-based buffer overflow in the php_quot_print_encode
function in ext/standard/quot_print.c in PHP before
5.3.26 and 5.4.x before 5.4.16 allows remote attackers
to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted
argument to the quoted_printable_encode function.
(CVE-2013-2110)

- ext/xml/xml.c in PHP before 5.3.27 does not properly
consider parsing depth, which allows remote attackers to
cause a denial of service (heap memory corruption) or
possibly have unspecified other impact via a crafted
document that is processed by the xml_parse_into_struct
function. (CVE-2013-4113)

- The openssl_x509_parse function in openssl.c in the
OpenSSL module in PHP before 5.4.18 and 5.5.x before
5.5.2 does not properly handle a '\0' character in a
domain name in the Subject Alternative Name field of an
X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408.
(CVE-2013-4248)

- Integer overflow in the SdnToJewish function in jewish.c
in the Calendar component in PHP before 5.3.26 and 5.4.x
before 5.4.16 allows context-dependent attackers to
cause a denial of service (application hang) via a large
argument to the jdtojewish function. (CVE-2013-4635)

- The mget function in libmagic/softmagic.c in the
Fileinfo component in PHP 5.4.x before 5.4.16 allows
remote attackers to cause a denial of service (invalid
pointer dereference and application crash) via an MP3
file that triggers incorrect MIME type detection during
access to an finfo object. (CVE-2013-4636)

See also :

http://www.nessus.org/u?b5f8def1
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4113_buffer_errors
http://www.nessus.org/u?00112bc0
http://www.nessus.org/u?4120fb39
http://www.nessus.org/u?489d3873

Solution :

Upgrade to Solaris 11.1.17.5.0.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80736

Bugtraq ID:

CVE ID: CVE-2011-4718
CVE-2012-2688
CVE-2012-3365
CVE-2013-1635
CVE-2013-1643
CVE-2013-2110
CVE-2013-4113
CVE-2013-4248
CVE-2013-4635
CVE-2013-4636
