
PHP 5.4.x < 5.4.45 / 5.5.x < 5.5.29 / 5.6.x < 5.6.13 Multiple Vulnerabilities

Critical

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.4.x prior to 5.4.45, 5.5.x prior to 5.5.29, or 5.6.x prior to 5.6.13 are vulnerable to the following issues:

- A use-after-free error exists in the unserialize() function in 'ext/spl/spl_observer.c'. The issue is triggered as user-supplied input is not sanitized. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 126951)
- A type confusion flaw affects the serialize_function_call() function in 'ext/soap/soap.c'. The issue is triggered when handling input passed via the header field. This may allow a remote attacker to execute arbitrary code. (OSVDB 126952)
- A use-after-free error affects the object_custom() function in 'ext/standard/var_unserializer.c'. The issue is triggered when handling user-supplied input. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 126953)
- A use-after-free error affects the unserialize() function in 'ext/spl/spl_dllist.c'. The issue is triggered during the deserialization of user-supplied input. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 126954)
- An out-of-bounds read flaw exists in the exif_process_IFD_TAG() function in 'ext/exif/exif.c' that is triggered when handling TIFF IFD tags. This may allow a context-dependent attacker to crash an application linked against PHP or potentially disclose memory contents. (OSVDB 126955)
- An overflow condition exists in the php_pcre_match_impl() function in 'ext/pcre/php_pcre.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 126956)
- A flaw exists in the php_pcre_split_impl() function in 'ext/pcre/php_pcre.c'. The flaw is triggered during the handling of offsets that consist of a start and end position within the subject string, which can cause an exhaustion of memory resources. This may allow a remote attacker to exhaust available memory. (OSVDB 126958)
- An overflow condition affects the php_pcre_replace_impl() function in 'ext/pcre/php_pcre.c'. The issue is triggered as user-supplied input is not properly validated when handling offsets. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 126959)
- A use-after-free error exists in the php_var_unserialize() function of the session deserializer (php_binary/php_serialize). The issue is triggered when deserializing multiple forms of data. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 126962)
- A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in 'ext/xsl/xsltprocessor.c' that is triggered as checks are not properly performed on user-supplied input. This may allow a remote attacker to cause a denial of service. (OSVDB 126989)
- A flaw exists that allows traversing outside of a restricted path. The issue is due to the php_zip_extract_file() function in 'ext/zip/php_zip.c' not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') passed to the ZipArchive::extractTo() method. This may allow a remote attacker to create arbitrary directories. (OSVDB 127122)

Solution

Upgrade to PHP version 5.6.13 or later. If 5.6.13 cannot be installed, 5.4.45 and 5.5.29 are also patched for these vulnerabilities.
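
The version ranges above can be checked against collected banners during triage. The following is an added example, not the plugin's own detection logic; the function names and the sample banners are constructed for illustration.

```python
import re

# First fixed release on each branch, as listed in the advisory.
FIXED_PATCH = {(5, 4): 45, (5, 5): 29, (5, 6): 13}

# Matches "PHP/5.5.28" (HTTP banners) and "PHP 5.5.28" (`php -v` output).
_PHP_VERSION = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)")

# Constructed sample input, not captured from real hosts.
SAMPLE_BANNERS = [
    "X-Powered-By: PHP/5.5.28",
    "Server: Apache/2.4.10 (Debian) PHP/5.6.9",
    "X-Powered-By: PHP/5.4.45-0+deb7u1",
    "PHP 5.6.13 (cli) (built: Sep  3 2015 10:00:00)",
    "X-Powered-By: PHP/7.0.0",
    "Server: nginx",
]


def classify(banner):
    """Return 'affected', 'patched', 'out-of-scope' or 'unparsed'."""
    match = _PHP_VERSION.search(banner)
    if match is None:
        return "unparsed"
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named in this advisory; it says nothing either way.
        return "out-of-scope"
    # Compare as integers: as strings, "9" would sort after "13".
    return "affected" if patch < fixed else "patched"


def triage(banners):
    """Group banners by classification."""
    report = {}
    for banner in banners:
        report.setdefault(classify(banner), []).append(banner)
    return report


if __name__ == "__main__":
    for status, hits in sorted(triage(SAMPLE_BANNERS).items()):
        for banner in hits:
            print(f"{status:13} {banner}")
```

Distribution packages may backport fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the package changelog rather than as proof.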