PHP 7.0.x < 7.0.1 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 9064

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 7.0.x prior to 7.0.1 are vulnerable to the following issues :

- A use-after-free error exists in the 'collator_sort_with_sort_keys()' function in 'xt/intl/collator/collator_sort.c.' The issue is triggered as pointers are not properly cleared when destroying an array. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-8616)
- A format string flaw exists in the 'zend_throw_or_error()' function in 'Zend/zend_execute_API.c' as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input such as when handling non-existent class names. This may allow an authenticated, remote attacker to potentially execute arbitrary code. (CVE-2015-8617)
- A flaw exists in the 'php_password_make_salt()' function in 'ext/standard/password.c' that is triggered when attempts to read random bytes from the operating system's cryptographically secure pseudo-random number generator (CSPRNG) fail. In such cases, the function falls back to generating the password salt in an insecure manner. This may allow an attacker to more easily predict the generated password salt.

Solution

Upgrade to PHP version 7.0.1, or later.

See Also

http://www.php.net/ChangeLog-7.php#7.0.1

Plugin Details

Severity: Critical

ID: 9064

Family: Web Servers

Published: 2016/01/29

Modified: 2018/09/16

Dependencies: 9243

Nessus ID: 87599

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2015/12/17

Vulnerability Publication Date: 2015/12/07

Reference Information

CVE: CVE-2015-8616, CVE-2015-8617

BID: 79672