PHP 5.4.x < 5.4.17 Buffer Overflow

High Nessus Plugin ID 67260

Synopsis

The remote web server uses a version of PHP that is potentially affected by a buffer overflow vulnerability.

Description

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.17. It is, therefore, potentially affected by a buffer overflow error that exists in the function '_pdo_pgsql_error' in the file 'ext/pdo_pgsql/pgsql_driver.c'.

Note that this plugin does not attempt to exploit this vulnerability, but instead, relies only on PHP's self-reported version number.

Solution

Apply the vendor patch or upgrade to PHP version 5.4.17 or later.

See Also

https://bugs.php.net/bug.php?id=64949

http://www.php.net/ChangeLog-5.php#5.4.17

Plugin Details

Severity: High

ID: 67260

File Name: php_5_4_17.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 2013/07/12

Updated: 2018/11/15

Dependencies: 48243

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Patch Publication Date: 2013/07/04

Vulnerability Publication Date: 2013/07/04