PHP 5.3.x < 5.3.7 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6015

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities:

- A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

- A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

- A code execution vulnerability exists in ZipArchive::addGlob(). (CVE-2011-1657)

- crypt_blowfish was updated to 1.2. (CVE-2011-2483)

- Multiple null pointer dereferences exist.

- An unspecified crash exists in error_log().

- A buffer overflow vulnerability exists in crypt().

- A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition. (OSVDB 126477)

Solution

Upgrade to PHP version 5.3.7 or later.

See Also

http://securityreason.com/achievement_securityalert/101

http://securityreason.com/exploitalert/10738

https://bugs.php.net/bug.php?id=54238

https://bugs.php.net/bug.php?id=54681

https://bugs.php.net/bug.php?id=54939

https://bugs.php.net/bug.php?id=52523

https://bugs.php.net/bug.php?id=55169

http://www.php.net/releases/5.3.7.php

http://php.net/ChangeLog-5.php#5.3.7

Plugin Details

Severity: High

ID: 6015

Family: Web Servers

Published: 2011/08/23

Modified: 2016/11/23

Dependencies: 8682

Nessus ID: 55925, 57753

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2011/08/18

Vulnerability Publication Date: 2011/03/13

Reference Information

CVE: CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268

BID: 46843, 47950, 48259, 49241, 49249, 49252