PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

medium Nessus Plugin ID 77402

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities:

- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)

- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)

- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
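The check described above is a banner comparison: the reported version string is parsed and compared against the fixed release, with no exploitation attempted. The following is an added illustration of that logic in Python; it is not the plugin's own NASL code, and the header strings it scans are constructed samples rather than output captured from any host.

```python
import re

# Fixed release and affected branch, as stated in the plugin description.
FIXED_VERSION = "5.4.32"
AFFECTED_BRANCH = "5.4"

# Constructed sample banners (not captured from a real server). PHP exposes
# its version through the X-Powered-By header or as a token in the Server
# header, which is all a banner-based plugin has to work with.
SAMPLE_HEADERS = [
    "X-Powered-By: PHP/5.4.31",
    "X-Powered-By: PHP/5.4.32",
    "Server: Apache/2.4.10 (Unix) PHP/5.5.16",
    "X-Powered-By: PHP/5.4.4-14+deb7u14",   # distro-style suffix after the version
    "Server: nginx",                        # no PHP version advertised at all
]


def parse_php_version(banner):
    """Return the dotted PHP version from a banner line, or None if absent.

    The regex takes only the leading major.minor.patch triple, so distribution
    suffixes such as '-14+deb7u14' are ignored rather than breaking the parse.
    """
    m = re.search(r"PHP/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None


def version_tuple(version):
    """Convert '5.4.31' to (5, 4, 31) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def is_affected(banner):
    """True when the banner reports a PHP 5.4.x release older than 5.4.32.

    Other branches (5.3.x, 5.5.x) return False: each has its own fixed release
    and would be covered by a separate check, so this one must not flag them.
    """
    version = parse_php_version(banner)
    if version is None:
        return False
    parsed = version_tuple(version)
    if parsed[:2] != version_tuple(AFFECTED_BRANCH):
        return False
    return parsed < version_tuple(FIXED_VERSION)


def scan(headers):
    """Return (banner, affected) pairs for every header line supplied."""
    return [(h, is_affected(h)) for h in headers]


if __name__ == "__main__":
    for banner, affected in scan(SAMPLE_HEADERS):
        print(f"{'AFFECTED' if affected else 'ok      '}  {banner}")
```

The numeric tuple comparison matters: comparing version strings lexically would rank "5.4.9" above "5.4.32". The last two sample banners show the two limits of this approach that the note above implies. A host that advertises no version cannot be assessed this way at all, and a distribution that backports the fix while keeping the old version string (the "5.4.4-14+deb7u14" style) will be reported as affected even if patched; confirm such findings against the package manager's changelog before treating them as actionable.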

Solution

Upgrade to PHP version 5.4.32 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.4.32

https://bugs.php.net/bug.php?id=67730

https://bugs.php.net/bug.php?id=67538

https://bugs.php.net/bug.php?id=67539

https://bugs.php.net/bug.php?id=67717

https://bugs.php.net/bug.php?id=67705

https://bugs.php.net/bug.php?id=67716

https://bugs.php.net/bug.php?id=66901

https://bugs.php.net/bug.php?id=67715

Plugin Details

Severity: Medium

ID: 77402

File Name: php_5_4_32.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 8/27/2014

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3597

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 8/21/2014

Vulnerability Publication Date: 8/21/2014

Reference Information

CVE: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120

BID: 66233, 66406, 68348, 68511, 68513, 69322, 69325, 69375