PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

medium Nessus Plugin ID 77403

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities :

- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 5.5.16 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.5.16

https://bugs.php.net/bug.php?id=67730

https://bugs.php.net/bug.php?id=67705

https://bugs.php.net/bug.php?id=67717

https://bugs.php.net/bug.php?id=66901

https://bugs.php.net/bug.php?id=67716

Plugin Details

Severity: Medium

ID: 77403

File Name: php_5_5_16.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 8/27/2014

Updated: 5/31/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3597

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 8/21/2014

Vulnerability Publication Date: 8/21/2014

Reference Information

CVE: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120

BID: 66233, 66406, 68348, 69322, 69325, 69375