Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- The openssl_x509_parse function in openssl.c in the
OpenSSL module in PHP before 5.4.18 and 5.5.x before
5.5.2 does not properly handle a '\0' character in a
domain name in the Subject Alternative Name field of an
X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408.
(CVE-2013-4248)

- The asn1_time_to_time_t function in
ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before
5.4.23, and 5.5.x before 5.5.7 does not properly parse
(1) notBefore and (2) notAfter timestamps in X.509
certificates, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory
corruption) via a crafted certificate that is not
properly handled by the openssl_x509_parse function.
(CVE-2013-6420)

- The scan function in ext/date/lib/parse_iso_intervals.c
in PHP through 5.5.6 does not properly restrict creation
of DateInterval objects, which might allow remote
attackers to cause a denial of service (heap-based
buffer over-read) via a crafted interval specification.
(CVE-2013-6712)

- Fine Free file before 5.17 allows context-dependent
attackers to cause a denial of service (infinite
recursion, CPU consumption, and crash) via a crafted
indirect offset value in the magic of a file.
(CVE-2014-1943)

- softmagic.c in file before 5.17 and libmagic allows
context-dependent attackers to cause a denial of service
(out-of-bounds memory access and crash) via crafted
offsets in the softmagic of a PE executable.
(CVE-2014-2270)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?62b841d2
http://www.nessus.org/u?01f1c299
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2270_buffer_errors
http://www.nessus.org/u?74a8aaaa

Solution :

Upgrade to Solaris 11.1.19.6.0.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80737 ()

Bugtraq ID:

CVE ID: CVE-2013-4248
CVE-2013-6420
CVE-2013-6712
CVE-2014-1943
CVE-2014-2270

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now