PHP 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8909

Synopsis

The remote web server uses a version of PHP that is affected by multiple denial of service vulnerabilities.

Description

PHP versions 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5 are exposed to the following issues :

- A flaw exists in the 'ereg(regex)' component due to a NULL pointer dereference condition. Specifically, this issue affects the '/regex/regcomp.c' source file. (Bug 68740)

- A use-after-free memory error exists in the 'opcache' component. Specifically, this issue affects the '/ext/opcache/zend_shared_alloc.c' source file. (Bug 68677 / CVE-2015-1351)

- A flaw exists in the 'zend_ts_hash_graceful_destroy' function in the Zend Engine for PHP which exposes a double free vulnerability. Specifically, this issue affects the 'zend_ts_hash.c' source file. (Bug 68676 / CVE-2014-9425)

- A flaw exists in the 'pgsql' component due to a NULL pointer dereference condition. Specifically, this issue affects the 'token' parameter of the '/ext/pgsql/pgsql.c' source file. (Bug 68697 / CVE-2015-1352)

A remote attacker could exploit these vulnerabilities to crash the affected application, denying service to legitimate users.

- An out-of-bounds read issue exists in the 'GetCode_()' function in 'gd_gif_in.c'. This allows a remote attacker to disclose memory contents. (CVE-2014-9709)

Solution

Apply the vendor's patch, or upgrade to the latest version. These issues have been fixed in versions 5.5.21, 5.6.5 and later.

See Also

https://bugs.php.net/bug.php?id=68697

https://bugs.php.net/bug.php?id=68677

https://bugs.php.net/bug.php?id=68676

https://bugs.php.net/bug.php?id=68740

https://bugs.php.net/bug.php?id=68601

http://www.php.net/ChangeLog-5.php#5.5.21

http://www.php.net/ChangeLog-5.php#5.6.5

Plugin Details

Severity: High

ID: 8909

Family: Web Servers

Published: 2015/02/25

Modified: 2018/09/16

Dependencies: 8682

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2015/01/22

Vulnerability Publication Date: 2015/01/22

Reference Information

CVE: CVE-2015-1352, CVE-2015-1351, CVE-2014-9425, CVE-2014-9709

BID: 71953, 71929, 71932, 73306