FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)

High Nessus Plugin ID 92574

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

PHP reports :

- Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

- Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

- Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).

- Fixed bug #72519 (imagegif/output out-of-bounds access).

- Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

- Fixed bug #72533 (locale_accept_from_http out-of-bounds access).

- Fixed bug #72541 (size_t overflow lead to heap corruption).

- Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

- Fixed bug #72558 (Integer overflow error within
_gdContributionsAlloc()).

- Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).

- Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).

- Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).

- Fixed bug #72613 (Inadequate error handling in bzread()).

- Fixed bug #72618 (NULL pointer Dereference in exif_process_user_comment).

Solution

Update the affected packages.

See Also

http://www.php.net/ChangeLog-5.php#5.5.38

http://www.php.net/ChangeLog-5.php#5.6.24

http://www.php.net/ChangeLog-7.php#7.0.8

https://seclists.org/oss-sec/2016/q3/121

http://www.nessus.org/u?63176dba

Plugin Details

Severity: High

ID: 92574

File Name: freebsd_pkg_b6402385533b11e6a7bd14dae9d210b8.nasl

Version: 2.11

Type: local

Published: 2016/07/27

Updated: 2019/04/11

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:php55, p-cpe:/a:freebsd:freebsd:php55-bz2, p-cpe:/a:freebsd:freebsd:php55-exif, p-cpe:/a:freebsd:freebsd:php55-gd, p-cpe:/a:freebsd:freebsd:php55-odbc, p-cpe:/a:freebsd:freebsd:php55-snmp, p-cpe:/a:freebsd:freebsd:php55-xmlrpc, p-cpe:/a:freebsd:freebsd:php55-zip, p-cpe:/a:freebsd:freebsd:php56, p-cpe:/a:freebsd:freebsd:php56-bz2, p-cpe:/a:freebsd:freebsd:php56-exif, p-cpe:/a:freebsd:freebsd:php56-gd, p-cpe:/a:freebsd:freebsd:php56-odbc, p-cpe:/a:freebsd:freebsd:php56-snmp, p-cpe:/a:freebsd:freebsd:php56-xmlrpc, p-cpe:/a:freebsd:freebsd:php56-zip, p-cpe:/a:freebsd:freebsd:php70, p-cpe:/a:freebsd:freebsd:php70-bz2, p-cpe:/a:freebsd:freebsd:php70-curl, p-cpe:/a:freebsd:freebsd:php70-exif, p-cpe:/a:freebsd:freebsd:php70-gd, p-cpe:/a:freebsd:freebsd:php70-mcrypt, p-cpe:/a:freebsd:freebsd:php70-odbc, p-cpe:/a:freebsd:freebsd:php70-snmp, p-cpe:/a:freebsd:freebsd:php70-xmlrpc, p-cpe:/a:freebsd:freebsd:php70-zip, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/07/26

Vulnerability Publication Date: 2016/07/21

Reference Information

CVE: CVE-2015-8879, CVE-2016-5385, CVE-2016-5399, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297