PHP 5.6.10 < 5.6.11 Multiple RCE (BACKRONYM)

High Nessus Network Monitor Plugin ID 8954

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.6.x earlier than 5.6.11 are subject to the following issues:

- A use-after-free error exists in the spl_recursive_it_move_forward_ex() function. An attacker can exploit this to dereference already freed memory, potentially allowing the execution of arbitrary code. (OSVDB 124409)
- A use-after-free error exists in the sqlite3SafetyCheckSickOrOk() function. An attacker can exploit this to dereference already freed memory, potentially allowing the execution of arbitrary code. (OSVDB 124410)

Solution

Upgrade to PHP version 5.6.11 or later.

See Also

http://www.php.net/ChangeLog-5.php#5.6.11

https://bugs.php.net/bug.php?id=69970

http://www.securityweek.com/backronym-other-vulnerabilities-patched-php

Plugin Details

Severity: High

ID: 8954

Family: Web Servers

Published: 2015/10/07

Modified: 2015/10/12

Dependencies: 8682

Nessus ID: 84673

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2015/07/10

Vulnerability Publication Date: 2015/06/30