PHP 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8909
SynopsisThe remote web server uses a version of PHP that is affected by multiple denial of service vulnerabilities.
DescriptionPHP versions 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5 are exposed to the following issues :
- A flaw exists in the 'ereg(regex)' component due to a NULL pointer dereference condition. Specifically, this issue affects the '/regex/regcomp.c' source file. (Bug 68740)
- A use-after-free memory error exists in the 'opcache' component. Specifically, this issue affects the '/ext/opcache/zend_shared_alloc.c' source file. (Bug 68677 / CVE-2015-1351)
- A flaw exists in the 'zend_ts_hash_graceful_destroy' function in the Zend Engine for PHP which exposes a double free vulnerability. Specifically, this issue affects the 'zend_ts_hash.c' source file. (Bug 68676 / CVE-2014-9425)
- A flaw exists in the 'pgsql' component due to a NULL pointer dereference condition. Specifically, this issue affects the 'token' parameter of the '/ext/pgsql/pgsql.c' source file. (Bug 68697 / CVE-2015-1352)
A remote attacker could exploit these vulnerabilities to crash the affected application, denying service to legitimate users.
- An out-of-bounds read issue exists in the 'GetCode_()' function in 'gd_gif_in.c'. This allows a remote attacker to disclose memory contents. (CVE-2014-9709)
SolutionApply the vendor's patch, or upgrade to the latest version. These issues have been fixed in versions 5.5.21, 5.6.5 and later.