PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5616

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP prior to 5.2.14, or 5.3.x prior to 5.3.3, are affected by the following vulnerabilities:

- An information disclosure vulnerability in 'var_export()' when a fatal error occurs.
- A resource destruction issue in 'shm_put_var()'.
- A possible information leak caused by an interruption of the XOR operator.
- A memory corruption issue caused by an unexpected call-time pass by reference and the subsequent memory clobbering through callbacks.
- A memory corruption issue in 'ArrayObject::uasort()'.
- A memory corruption issue in 'parse_str()'.
- A memory corruption issue in 'pack()'.
- A memory corruption issue in 'substr_replace()'.
- A memory corruption issue in 'addcslashes()'.
- A stack exhaustion issue in 'fnmatch()'.
- A buffer overflow vulnerability in the dechunking filter.
- An arbitrary memory access issue in the sqlite extension.
- A string format validation issue in the phar extension.
- An unspecified issue relating to the handling of session variable serialization on certain prefix characters.
- A NULL pointer dereference issue when processing invalid XML-RPC requests.
- An unserialization issue in 'SplObjectStorage'.
- Buffer overflow vulnerabilities in 'mysqlnd_list_fields' and 'mysqlnd_change_user'.
- Buffer overflows when handling error packets in mysqlnd.
- A flaw affecting the 'sqlite_single_query()' and 'sqlite_array_query()' methods in the 'ext/sqlite/sqlite.c' source file. Specifically, the 'rres' resource is not properly initialized before use, which may trigger a double-free condition when an empty query is passed to the 'real_result_dtor()' function.

Solution

Upgrade to PHP version 5.2.14, 5.3.3, or later.

See Also

http://www.php.net/releases/5_3_3.php

http://www.php.net/releases/5_2_14.php

http://www.php.net/ChangeLog-5.php#5.3.3

http://www.php.net/ChangeLog-5.php#5.2.14

http://seclists.org/fulldisclosure/2011/Oct/483

Plugin Details

Severity: High

ID: 5616

File Name: 5616.prm

Family: Web Servers

Published: 2010/07/27

Modified: 2016/02/25

Dependencies: 8682, 8728

Nessus ID: 48244, 48245

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2010/07/22

Vulnerability Publication Date: 2010/07/22

Reference Information

CVE: CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-1868, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531

BID: 38708, 40013, 40948, 41991, 78962

OSVDB: 66798, 66799, 66800, 66801, 66802, 66803, 66804, 66805