Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities :
- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497)
- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120)
Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PHP version 5.4.32 or later.
Plugin Details
File Name: php_5_4_32.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Patch Publication Date: 8/21/2014
Vulnerability Publication Date: 8/21/2014
Reference Information
CVE: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120
BID: 66233, 66406, 68348, 68511, 68513, 69322, 69325, 69375