EulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the php packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

- Zend/zend_exceptions.c in PHP, possibly 5.x before
5.6.28 and 7.x before 7.0.13, allows remote attackers
to cause a denial of service (infinite loop) via a
crafted Exception object in serialized data, a related
issue to CVE-2015-8876. (CVE-2016-7478)

- ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before
7.0.11 proceeds with SplArray unserialization without
validating a return value and data type, which allows
remote attackers to cause a denial of service or
possibly have unspecified other impact via crafted
serialized data. (CVE-2016-7417)

- ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x
before 5.6.18, and 7.x before 7.0.3 mishandles
zero-length uncompressed data, which allows remote
attackers to cause a denial of service (heap memory
corruption) or possibly have unspecified other impact
via a crafted (1) TAR, (2) ZIP, or (3) PHAR
archive. (CVE-2016-4342)

- The php_wddx_process_data function in ext/wddx/wddx.c
in PHP before 5.6.25 and 7.x before 7.0.10 allows
remote attackers to cause a denial of service
(segmentation fault) or possibly have unspecified other
impact via an invalid ISO 8601 time value, as
demonstrated by a wddx_deserialize call that mishandles
a dateTime element in a wddxPacket XML
document. (CVE-2016-7129)

- Integer signedness error in the simplestring_addn
function in simplestring.c in xmlrpc-epi through
0.54.2, as used in PHP before 5.5.38, 5.6.x before
5.6.24, and 7.x before 7.0.9, allows remote attackers
to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via
a long first argument to the PHP xmlrpc_encode_request
function. (CVE-2016-6296)

- ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before
5.6.24, and 7.x before 7.0.9 improperly interacts with
the unserialize implementation and garbage collection,
which allows remote attackers to cause a denial of
service (use-after-free and application crash) or
possibly have unspecified other impact via crafted
serialized data, a related issue to
CVE-2016-5773. (CVE-2016-6295)

- ext/session/session.c in PHP before 5.5.38, 5.6.x
before 5.6.24, and 7.x before 7.0.9 does not properly
maintain a certain hash data structure, which allows
remote attackers to cause a denial of service
(use-after-free) or possibly have unspecified other
impact via vectors related to session
deserialization. (CVE-2016-6290)

- Integer overflow in the php_stream_zip_opener function
in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x
before 5.6.24, and 7.x before 7.0.9 allows remote
attackers to cause a denial of service (stack-based
buffer overflow) or possibly have unspecified other
impact via a crafted zip:// URL. (CVE-2016-6297)

- The phar_make_dirstream function in
ext/phar/dirstream.c in PHP before 5.6.18 and 7.x
before 7.0.3 mishandles zero-size ././@LongLink files,
which allows remote attackers to cause a denial of
service (uninitialized pointer dereference) or possibly
have unspecified other impact via a crafted TAR
archive. (CVE-2016-4343)

- ext/intl/msgformat/msgformat_format.c in PHP before
5.6.26 and 7.x before 7.0.11 does not properly restrict
the locale length provided to the Locale class in the
ICU library, which allows remote attackers to cause a
denial of service (application crash) or possibly have
unspecified other impact via a
MessageFormatter::formatMessage call with a long first
argument. (CVE-2016-7416)

- ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before
7.0.10 allows remote attackers to cause a denial of
service (NULL pointer dereference and application
crash) or possibly have unspecified other impact via a
malformed wddxPacket XML document that is mishandled in
a wddx_deserialize call, as demonstrated by a tag that
lacks a < (less than) character. (CVE-2016-7131)

- ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before
7.0.10 allows remote attackers to cause a denial of
service (NULL pointer dereference and application
crash) or possibly have unspecified other impact via an
invalid wddxPacket XML document that is mishandled in a
wddx_deserialize call, as demonstrated by a stray
element inside a boolean element, leading to incorrect
pop processing. (CVE-2016-7132)

- The php_wddx_pop_element function in ext/wddx/wddx.c in
PHP before 5.6.25 and 7.x before 7.0.10 allows remote
attackers to cause a denial of service (NULL pointer
dereference and application crash) or possibly have
unspecified other impact via an invalid base64 binary
value, as demonstrated by a wddx_deserialize call that
mishandles a binary element in a wddxPacket XML
document. (CVE-2016-7130)

- The imagegammacorrect function in ext/gd/gd.c in PHP
before 5.6.25 and 7.x before 7.0.10 does not properly
validate gamma values, which allows remote attackers to
cause a denial of service (out-of-bounds write) or
possibly have unspecified other impact by providing
different signs for the second and third
arguments. (CVE-2016-7127)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?a91eb782

Solution :

Update the affected php packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true
