FreeBSD : PHP -- multiple vulnerabilities (1b61ecef-cdb9-11e6-a9a5-b499baebfeaf)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Check Point reports :

... discovered 3 fresh and previously unknown vulnerabilities
(CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize
mechanism.

The first two vulnerabilities allow attackers to take full control
over servers, allowing them to do anything they want with the website,
from spreading malware to defacing it or stealing customer data.

The last vulnerability generates a Denial of Service attack which
basically hangs the website, exhausts its memory consumption, and
shuts it down.

The PHP security team issued fixes for two of the vulnerabilities on
the 13th of October and 1st of December.

See also :

http://www.nessus.org/u?883c814d
http://www.nessus.org/u?85473bea

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96292

CVE ID: CVE-2016-7478
CVE-2016-7479
CVE-2016-7480
