PHP 5.4.x < 5.4.17 Buffer Overflow

high Nessus Plugin ID 67260

Synopsis

The remote web server uses a version of PHP that is potentially affected by a buffer overflow vulnerability.

Description

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.17. It is, therefore, potentially affected by a buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'.

Note that this plugin does not attempt to exploit this vulnerability, but instead, relies only on PHP's self-reported version number.

Solution

Apply the vendor patch or upgrade to PHP version 5.4.17 or later.

See Also

https://bugs.php.net/bug.php?id=64949

http://www.php.net/ChangeLog-5.php#5.4.17

Plugin Details

Severity: High

ID: 67260

File Name: php_5_4_17.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 7/12/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Patch Publication Date: 7/4/2013

Vulnerability Publication Date: 7/4/2013