PHP 5.6.x < 5.6.39 Multiple vulnerabilities
High Nessus Plugin ID 119764
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities:
- An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing them to rsh or ssh commands. An authenticated, remote attacker can exploit this by sending a specially crafted IMAP server name to cause the execution of arbitrary commands on the target system. (CVE-2018-19518)
- A denial of service (DoS) vulnerability exists in ext/imap/php_imap.c. An unauthenticated, remote attacker can exploit this issue, via an empty string in the message argument to the imap_mail function, to cause the application to stop responding. (CVE-2018-19935)
- A heap buffer over-read exists in the phar_parse_pharfile function.
An unauthenticated, remote attacker can exploit this to read allocated or unallocated memory past the actual data when trying to parse a .phar file. (CVE-2018-20783)
Solution
Upgrade to PHP version 5.6.39 or later.