RHEL 6 / 7 : php54 (RHSA-2015:1066)

critical Nessus Plugin ID 193682

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for php54.

Description

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1066 advisory.

- php: use after free vulnerability in unserialize() (CVE-2014-8142)

- php: out of bounds read when parsing a crafted .php file (CVE-2014-9427)

- file: out of bounds read in mconvert() (CVE-2014-9652)

- php: heap buffer overflow in enchant_broker_request_dict() (CVE-2014-9705)

- gd: buffer read overflow in gd_gif_in.c (CVE-2014-9709)

- php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) (CVE-2015-0231)

- php: Free called on unitialized pointer in exif.c (CVE-2015-0232)

- php: use after free vulnerability in unserialize() with DateTimeZone (CVE-2015-0273)

- php: use after free in opcache extension (CVE-2015-1351)

- php: use after free in phar_object.c (CVE-2015-2301)

- regex: heap overflow in regcomp() on 32-bit architectures (CVE-2015-2305)

- php: move_uploaded_file() NUL byte injection in file name (CVE-2015-2348)

- php: buffer over-read in Phar metadata parsing (CVE-2015-2783)

- php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re (CVE-2015-2787)

- php: invalid pointer free() in phar_tar_process_metadata() (CVE-2015-3307)

- php: buffer overflow in phar_set_inode() (CVE-2015-3329)

- php: pipelined request executed in deinitialized interpreter under httpd 2.4 (CVE-2015-3330)

- php: missing null byte checks for paths in various PHP extensions (CVE-2015-3411, CVE-2015-3412)

- php: SoapClient's __call() type confusion through unserialize() (CVE-2015-4147)

- php: SoapClient's do_soap_call() type confusion after unserialize() (CVE-2015-4148)

- php: type confusion issue in unserialize() with various SOAP methods (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601)

- php: Incomplete Class unserialization type confusion (CVE-2015-4602)

- php: exception::getTraceAsString type confusion issue after unserialize (CVE-2015-4603)

- php: denial of service when processing a crafted file with Fileinfo (CVE-2015-4604, CVE-2015-4605)

- php: HTTP response splitting in header() function (CVE-2015-8935)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL php54 package based on the guidance in RHSA-2015:1066.

Plugin Details

Severity: Critical

ID: 193682

File Name: redhat-RHSA-2015-1066.nasl

Version: 1.0

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/21/2024

Updated: 4/21/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-4603

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:php54, p-cpe:/a:redhat:enterprise_linux:php54-php, p-cpe:/a:redhat:enterprise_linux:php54-php-bcmath, p-cpe:/a:redhat:enterprise_linux:php54-php-cli, p-cpe:/a:redhat:enterprise_linux:php54-php-common, p-cpe:/a:redhat:enterprise_linux:php54-php-dba, p-cpe:/a:redhat:enterprise_linux:php54-php-devel, p-cpe:/a:redhat:enterprise_linux:php54-php-enchant, p-cpe:/a:redhat:enterprise_linux:php54-php-fpm, p-cpe:/a:redhat:enterprise_linux:php54-php-gd, p-cpe:/a:redhat:enterprise_linux:php54-php-imap, p-cpe:/a:redhat:enterprise_linux:php54-php-intl, p-cpe:/a:redhat:enterprise_linux:php54-php-ldap, p-cpe:/a:redhat:enterprise_linux:php54-php-mbstring, p-cpe:/a:redhat:enterprise_linux:php54-php-mysqlnd, p-cpe:/a:redhat:enterprise_linux:php54-php-odbc, p-cpe:/a:redhat:enterprise_linux:php54-php-pdo, p-cpe:/a:redhat:enterprise_linux:php54-php-pecl-zendopcache, p-cpe:/a:redhat:enterprise_linux:php54-php-pgsql, p-cpe:/a:redhat:enterprise_linux:php54-php-process, p-cpe:/a:redhat:enterprise_linux:php54-php-pspell, p-cpe:/a:redhat:enterprise_linux:php54-php-recode, p-cpe:/a:redhat:enterprise_linux:php54-php-snmp, p-cpe:/a:redhat:enterprise_linux:php54-php-soap, p-cpe:/a:redhat:enterprise_linux:php54-php-tidy, p-cpe:/a:redhat:enterprise_linux:php54-php-xml, p-cpe:/a:redhat:enterprise_linux:php54-php-xmlrpc, p-cpe:/a:redhat:enterprise_linux:php54-runtime, p-cpe:/a:redhat:enterprise_linux:php54-scldevel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2015

Vulnerability Publication Date: 12/18/2014

Reference Information

CVE: CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605, CVE-2015-8935

CWE: 113, 119, 121, 122, 125, 416, 626, 665, 822, 843

RHSA: 2015:1066

Detections

Analytics