PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

Medium Nessus Plugin ID 77403

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities:

- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not provide a complete solution. A remote attacker can therefore still supply a specially crafted input file that causes excessive resource use when the file type is detected using awk regular expression rules, resulting in a denial of service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
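
A banner-only version check of the kind the note above describes, as an added example (not the Nessus plugin's code): it reads the self-reported PHP version from response headers, compares it with 5.5.16, and flags results that a banner alone cannot settle. The function names and the sample headers are assumptions made for illustration.

```python
import re

FIXED = (5, 5, 16)  # first fixed release named in the Solution section

# Matches "PHP/5.5.9" inside a Server or X-Powered-By value; anything glued
# to the third number (e.g. "-1distro4") is captured as a vendor suffix.
_PHP_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)", re.I)

def php_banner(headers):
    """Return ((major, minor, patch), suffix) from response headers, or None."""
    for wanted in ("x-powered-by", "server"):
        for key, value in headers.items():
            if key.lower() == wanted:
                m = _PHP_RE.search(value)
                if m:
                    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)
    return None

def assess(headers):
    """Classify one response using only what the banner claims."""
    found = php_banner(headers)
    if found is None:
        return "unknown"          # banner hidden (e.g. expose_php=Off): no evidence either way
    version, suffix = found
    if version[:2] != (5, 5):
        return "out-of-scope"     # this check covers only the 5.5.x branch
    if version >= FIXED:
        return "not-affected"
    # A vendor suffix can mean fixes were backported without a version bump,
    # so the finding needs confirmation against the package changelog.
    return "verify-backport" if suffix else "affected"

# Constructed sample headers (not captured from any real host)
SAMPLES = {
    "plain-old":  {"X-Powered-By": "PHP/5.5.15"},
    "distro":     {"Server": "Apache/2.4.7 (Example) PHP/5.5.9-1distro4"},
    "fixed":      {"x-powered-by": "PHP/5.5.16"},
    "hidden":     {"Server": "nginx"},
    "other-line": {"X-Powered-By": "PHP/5.4.32"},
}

def assess_all(samples=SAMPLES):
    return {name: assess(h) for name, h in samples.items()}

if __name__ == "__main__":
    for name, verdict in assess_all().items():
        print(f"{name:10s} {verdict}")
```

The "unknown" and "verify-backport" outcomes are where a banner-based finding is neither proof of exposure nor proof of safety and should be confirmed on the host.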

Solution

Upgrade to PHP version 5.5.16 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.5.16

https://bugs.php.net/bug.php?id=67730

https://bugs.php.net/bug.php?id=67705

https://bugs.php.net/bug.php?id=67717

https://bugs.php.net/bug.php?id=66901

https://bugs.php.net/bug.php?id=67716

Plugin Details

Severity: Medium

ID: 77403

File Name: php_5_5_16.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2014/08/27

Updated: 2018/09/17

Dependencies: 48243

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2014-3597

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2014/08/21

Vulnerability Publication Date: 2014/08/21

Reference Information

CVE: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120

BID: 66233, 66406, 68348, 69322, 69325, 69375