Amazon Linux AMI : php70 (ALAS-2017-788)

high Nessus Plugin ID 96806
VPR Score: 6.7

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137)

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)

ext/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934)

The php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834. (CVE-2016-9936)

Solution

Run 'yum update php70' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2017-788.html

Plugin Details

Severity: High

ID: 96806

File Name: ala_ALAS-2017-788.nasl

Version: 3.2

Type: local

Agent: unix

Published: 1/27/2017

Updated: 4/18/2018

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:o:amazon:linux:*:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-bcmath:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-cli:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-common:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-dba:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-dbg:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-embedded:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-enchant:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-fpm:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-gd:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-gmp:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-imap:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-intl:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-json:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-ldap:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-mbstring:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-mcrypt:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-mysqlnd:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-odbc:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-opcache:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-pdo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-pdo-dblib:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-pgsql:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-process:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-pspell:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-recode:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-snmp:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-soap:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-tidy:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-xml:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-xmlrpc:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:php70-zip:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 1/26/2017

Reference Information

CVE: CVE-2016-9137, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936, CVE-2016-7480

ALAS: 2017-788