Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities :
- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497)
- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120)
Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PHP version 5.5.16 or later.
Plugin Details
File Name: php_5_5_16.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Patch Publication Date: 8/21/2014
Vulnerability Publication Date: 8/21/2014