PHP 5.3.x < 5.3.14 / 5.4.x < 5.4.4 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9097

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP 5.3.x versions prior to 5.3.14 and 5.4.x versions prior to 5.4.4 are affected by the following vulnerabilities:

- An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error can lead to a heap-based buffer overflow when handling a maliciously crafted TAR file. Arbitrary code execution is possible due to this error. (CVE-2012-2386)
- A weakness exists in the 'crypt' function related to the DES implementation that can allow brute-force attacks. (CVE-2012-2143)
- Several design errors exist in the parsing of PHP PDO prepared statements that could lead to disclosure of sensitive information or denial of service. (CVE-2012-3450)
- A variable initialization error exists in the file 'ext/openssl/openssl.c' that can allow process memory contents to be disclosed when input data is of length zero. (CVE-2012-6113)

Solution

Apply the vendor patch or upgrade to PHP version 5.4.4 or later. If 5.4.x cannot be installed, 5.3.14 is also patched for these vulnerabilities.

See Also

http://www.nessus.org/u?6adf7abc

https://bugs.php.net/bug.php?id=61755

http://www.php.net/ChangeLog-5.php#5.3.14

http://www.nessus.org/u?99140286

http://www.nessus.org/u?a42ad63a

Plugin Details

Severity: High

ID: 9097

Family: Web Servers

Published: 2016/02/25

Modified: 2016/02/25

Dependencies: 8682

Nessus ID: 59529, 59530

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

CVSSv3

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:P/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2012/06/14

Vulnerability Publication Date: 2011/04/21

Reference Information

CVE: CVE-2012-2143, CVE-2012-2386, CVE-2012-3450, CVE-2012-6113

BID: 47545, 53729, 54777, 57462