PHP 5.3 < 5.3.6 Multiple Vulnerabilities
high Nessus Plugin ID 52717
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.Description
According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6.- A NULL pointer can be dereferenced in the function '_zip_name_locate()' when processing empty archives and can lead to application crashes or code execution.
Exploitation requires the 'ZIPARCHIVE::FL_UNCHANGED' setting to be in use. (CVE-2011-0421)
- A variable casting error exists in the Exif extention, which can allow denial of service attacks when handling crafted 'Image File Directory' (IFD) header values in the PHP function 'exif_read_data()'. Exploitation requires a 64bit system and a config setting 'memory_limit' above 4GB or unlimited. (CVE-2011-0708)
- An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read()' and can allow arbitrary code execution. (CVE-2011-1092)
- Errors exist in the file 'phar/phar_object.c' in which calls to 'zend_throw_exception_ex()' pass data as a string format parameter. This can lead to memory corruption when handling PHP archives (phar).
(CVE-2011-1153)
- A buffer overflow error exists in the C function 'xbuf_format_converter' when the PHP configuration value for 'precision' is set to a large value and can lead to application crashes. (CVE-2011-1464)
- An integer overflow error exists in the C function 'SdnToJulian()' in the Calendar extension and can lead to application crashes. (CVE-2011-1466)
- An unspecified error exists in the implementation of the PHP function 'numfmt_set_symbol()' and PHP method 'NumberFormatter::setSymbol()' in the Intl extension.
This error can lead to application crashes.
(CVE-2011-1467)
- Multiple memory leaks exist in the OpenSSL extension in the PHP functions 'openssl_encrypt' and 'openssl_decrypt'. (CVE-2011-1468)
- An unspecified error exists in the Streams component when accessing FTP URLs with an HTTP proxy.
(CVE-2011-1469)
- An integer signedness error and an unspecified error exist in the Zip extension and can lead to denial of service via certain ziparchive streams. (CVE-2011-1470, CVE-2011-1471)
- An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.
Solution
Upgrade to PHP 5.3.6 or later.See Also
https://bugs.php.net/bug.php?id=54193
https://bugs.php.net/bug.php?id=54055
https://bugs.php.net/bug.php?id=53885
https://bugs.php.net/bug.php?id=53574
https://bugs.php.net/bug.php?id=53512
https://bugs.php.net/bug.php?id=54060
https://bugs.php.net/bug.php?id=54061
https://bugs.php.net/bug.php?id=54092
https://bugs.php.net/bug.php?id=53579
https://bugs.php.net/bug.php?id=49072
https://www.openwall.com/lists/oss-security/2011/02/14/1
Plugin Details
Severity: High
ID: 52717
File Name: php_5_3_6.nasl
Version: 1.14
Type: remote
Family: CGI abuses
Published: 3/18/2011
Updated: 1/19/2021
Dependencies: php_version.nasl
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:POC/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Exploit Ease: No exploit is required
Patch Publication Date: 3/17/2011
Vulnerability Publication Date: 2/14/2011
Reference Information
CVE: CVE-2011-0421, CVE-2011-0708, CVE-2011-1092, CVE-2011-1153, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470