PHP 5.5.x < 5.5.34 / 5.6.x < 5.6.20 / 7.0.x < 7.0.5 Multiple Vulnerabilities
Critical Nessus Network Monitor Plugin ID 9171
SynopsisThe remote web server uses a version of PHP that is affected by multiple vulnerabilities.
DescriptionVersions of PHP 5.5.x prior to 5.5.34, or 5.6.x prior to 5.6.20, or 7.0.x prior to 7.0.5 are vulnerable to the following issues :
- A format string flaw exists in the 'php_snmp_error()' function in 'ext/snmp/snmp.c'. The issue is triggered as string format specifiers (e.g. %s and %x) are not properly used. With a specially crafted SNMP object, a remote attacker can cause a denial of service or potentially execute arbitrary code. (OSVDB 136483)
- An invalid memory write is triggered when handling the path of phar filenames. This may allow a remote attacker to have an unspecified impact. (OSVDB 136484)
- A flaw exists in the 'mbfl_strcut()' function in 'ext/mbstring/libmbfl/mbfl/mbfilter.c'. This issue is triggered when handling negative sz values. This may allow a remote attacker to cause a crash. (OSVDB 136485)
- An integer overflow condition exists in the 'php_raw_url_encode()' function in 'ext/standard/url.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to have an unspecified impact. (OSVDB 136486)
SolutionUpgrade to PHP version 7.0.5 or later. If 7.x cannot be obtained, 5.6.20 and 5.5.34 are also patched for these vulnerabilities.