Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled
NULL bytes in file paths. A remote attacker could possibly use this
issue to bypass intended restrictions and create or obtain access to
sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,
CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly
handled filenames starting with a NULL byte. A remote attacker could
use this issue with a crafted tar archive to cause a denial of
service. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. A malicious FTP server could
possibly use this issue to execute arbitrary code. (CVE-2015-4022,
CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed
form data. A remote attacker could use this issue with crafted form
data to cause CPU consumption, leading to a denial of service.
(CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly
validated data types. A remote attacker could use this issue with
crafted serialized data to possibly execute arbitrary code.
(CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly
validated that the uri property is a string. A remote attacker could
use this issue with crafted serialized data to possibly obtain
sensitive information. (CVE-2015-4148)

Taoguang Chen discovered that PHP incorrectly validated data types in
multiple locations. A remote attacker could possibly use these issues
to obtain sensitive information or cause a denial of service.
(CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was discovered that the PHP Fileinfo component incorrectly handled
certain files. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected
Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)

It was discovered that PHP incorrectly handled table names in
php_pgsql_meta_data. A local attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2015-4644).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true