Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)

high Nessus Plugin ID 80737
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
(CVE-2013-4248)

- The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
(CVE-2013-6420)

- The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
(CVE-2013-6712)

- Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
(CVE-2014-1943)

- softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
(CVE-2014-2270)

Solution

Upgrade to Solaris 11.1.19.6.0.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?f6e0c4fe

http://www.nessus.org/u?864416ed

https://blogs.oracle.com/sunsecurity/cve-2014-2270-buffer-errors-vulnerability-in-php

http://www.nessus.org/u?90294d9b

Plugin Details

Severity: High

ID: 80737

File Name: solaris11_php_20140522.nasl

Version: 1.3

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:php

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 5/22/2014

Reference Information

CVE: CVE-2013-4248, CVE-2013-6420, CVE-2013-6712, CVE-2014-1943, CVE-2014-2270