SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   PHP
Vendors:   PHP Group
PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1032709
SecurityTracker URL:  http://securitytracker.com/id/1032709
CVE Reference:   CVE-2015-3411, CVE-2015-3412, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644
Date:  Jun 25 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.6.10
Description:   Multiple vulnerabilities were reported in PHP. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can supply a specially crafted regular expression that, when compiled by the target application, will trigger a heap overflow in the bundled PCRE library (pcrelib) and execute arbitrary code on the target system [CVE-2015-2325, CVE-2015-2326].

A remote user can exploit a flaw in escapeshellarg() to potentially execute arbitrary operating system commands on the target system [CVE-2015-4642]. Only Windows-based systems are affected. Takayuki Uchiyama reported this vulnerability.
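The shell-free way to hand an untrusted argument to a child process, shown here as an added example that is not part of the advisory and not PHP project code. It assumes PHP 7.4 or later (the array form of proc_open()) and uses PHP_BINARY itself as a stand-in for the external tool; the hostile argument is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the advisory or from the PHP project.
// Assumes PHP >= 7.4 (array form of proc_open) and that PHP_BINARY is runnable.
//
// Pattern the advisory warns about: the argument is re-parsed by cmd.exe or
// sh, so safety rests entirely on escapeshellarg() knowing every quoting rule
// of every platform, which CVE-2015-4642 showed was not the case on Windows:
//
//     system('tool ' . escapeshellarg($userArg));
//
// Hardened pattern: pass argv as an array. No shell is involved, so the
// argument reaches the child verbatim whatever characters it contains.
function run_without_shell(array $argv): string
{
    $descriptors = [
        0 => ['pipe', 'r'],   // child stdin
        1 => ['pipe', 'w'],   // child stdout
        2 => ['pipe', 'w'],   // child stderr
    ];
    $proc = proc_open($argv, $descriptors, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("child exited with status $status: $err");
    }
    return $out;
}

// Constructed hostile argument: shell metacharacters for both cmd.exe and sh,
// plus a cmd.exe-style environment variable reference. With a shell in the
// loop any quoting mistake turns these into commands; without one they are
// just bytes in argv[1].
$hostile = '%PATH% & whoami; $(id) "quoted" \'single\'';

// The child is PHP itself, told to print its first argument and nothing else
// (with -r, $argv[0] is the inline code and $argv[1] the first argument after --).
$echoed = run_without_shell([PHP_BINARY, '-r', 'echo $argv[1];', '--', $hostile]);

if ($echoed !== $hostile) {
    throw new RuntimeException('argument was altered on the way to the child');
}
echo "argument passed to the child verbatim\n";
```

Run it with `php example.php` on either platform; the check at the end fails only if something between the parent and the child reinterpreted the argument. Where the array form is not available, the remaining option is to avoid passing user input on a command line at all (write it to a file or pipe it on stdin) rather than to rely on escapeshellarg() alone.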

A remote user can trigger an integer overflow in the ftp_genlist() function of the ftp extension and potentially execute arbitrary code on the target system [CVE-2015-4643]. Max Spelsberg reported this vulnerability.

[Editor's note: This vulnerability is due to an incorrect fix for CVE-2015-4022.]

A user can create specially crafted PHP code that, when loaded, will trigger a crash in php_pgsql_meta_data() [CVE-2015-4644].

A user can supply a path name containing null characters to potentially overwrite files on the target system [CVE-2015-3411, CVE-2015-3412]. These vulnerabilities were corrected in version 5.6.8.

A user can supply a path name containing null characters to potentially overwrite files on the target system [CVE-2015-4598].
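A caller-side check that covers the NUL-byte path issues in both CVE groups above (CVE-2015-3411/3412 and CVE-2015-4598), as an added example that is not from the advisory or the PHP project. It assumes the application keeps its XML documents under one base directory and that user input only ever selects a file name inside it; the safe_xml_path() helper and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the advisory or from the PHP project.
// Assumes XML documents live under one base directory and that user input
// only chooses a bare file name within it.
//
// The issue class behind these CVEs is NUL-byte truncation: a PHP string such
// as "report.xml\0.php" passes a PHP-level extension check, but the C-level
// file API stops at the NUL and actually opens "report.xml\0..." as
// "report.xml". The vendor fix lives inside the interpreter; the check below
// is the caller-side belt to that suspenders, and also pins the result to the
// base directory so a name cannot escape it.
function safe_xml_path(string $baseDir, string $userName): string
{
    // 1. An embedded NUL is never a legitimate part of a file name.
    if (strpos($userName, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in file name');
    }
    // 2. A bare file name only: no directory separators, no "." or "..",
    //    no dotfiles.
    if ($userName === '' || $userName !== basename($userName) || $userName[0] === '.') {
        throw new InvalidArgumentException('invalid file name');
    }
    // 3. Require the expected extension on the full, untruncated string
    //    (\z anchors at the true end of the string, not before a trailing newline).
    if (!preg_match('/\.xml\z/i', $userName)) {
        throw new InvalidArgumentException('not an .xml file name');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory does not exist');
    }
    return $base . DIRECTORY_SEPARATOR . $userName;
}

// Constructed inputs: one legitimate name, the classic truncation attempt,
// then two traversal attempts.
$base = sys_get_temp_dir();
$samples = ['report.xml', "report.xml\0.php", '../etc/passwd.xml', 'sub/report.xml'];

foreach ($samples as $name) {
    try {
        $path = safe_xml_path($base, $name);
        $doc = new DOMDocument();
        $doc->loadXML('<root/>');
        $doc->save($path);             // the call the advisory is about
        echo 'accepted: ', $path, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', addcslashes($name, "\0"), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample reaches DOMDocument::save(); the other three are rejected before any file API sees them, with the NUL-byte sample failing at the first check regardless of what the interpreter would do with it. The same helper is the right place to validate a name before DOMDocument::load() and any other function that takes a path from user input.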

A user can supply specially crafted data that, when unserialized by the target application, will execute arbitrary code [CVE-2015-4599].
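How to stop unserialize() from instantiating attacker-chosen classes, as an added example that is not from the advisory or the PHP project. It assumes PHP 7.0 or later (the allowed_classes option); the AuditLogger class and the serialized payload are constructed for the demonstration and stand in for whatever gadget class a real application or, as in the SOAP bugs here, the interpreter itself happens to expose.

```php
<?php
declare(strict_types=1);

// Added example, not code from the advisory or from the PHP project.
// Assumes PHP >= 7.0 (allowed_classes option of unserialize()).
//
// Any class with a magic method is reachable from attacker-controlled
// serialized data: its __wakeup()/__destruct() run during or right after
// unserialize(), before the application has looked at the result. The SOAP
// type-confusion bugs in this advisory were gadgets of that kind inside PHP.
class AuditLogger
{
    public $logFile = '/var/log/app/audit.log';

    // Runs automatically whenever an instance is unserialized.
    public function __wakeup()
    {
        // A real gadget would act on $this->logFile here (open it, write to it).
        echo '__wakeup ran with logFile=', $this->logFile, PHP_EOL;
    }
}

// Constructed payload: the shape an attacker would send, re-pointing the
// property at a file of their choosing. "AuditLogger" is 11 bytes,
// "logFile" 7, "/tmp/pwned.php" 14.
$payload = 'O:11:"AuditLogger":1:{s:7:"logFile";s:14:"/tmp/pwned.php";}';

// Unsafe: default unserialize() instantiates whatever class the data names
// and runs its magic methods.
function unsafe_decode(string $data)
{
    return unserialize($data);
}

// Hardened: no class may be instantiated. Objects degrade to
// __PHP_Incomplete_Class, so no magic method of AuditLogger runs. When
// objects are genuinely needed, pass an allow-list of class names instead of
// false; for data exchanged with other parties, prefer json_decode().
function safe_decode(string $data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

$a = unsafe_decode($payload);
$b = safe_decode($payload);
echo 'unsafe_decode produced ', get_class($a), PHP_EOL;
echo 'safe_decode produced ', get_class($b), PHP_EOL;
```

The first call prints the __wakeup line and yields an AuditLogger object; the second prints nothing from the class and yields a __PHP_Incomplete_Class carrying the property as inert data. The option defends against the application's own gadgets and against those in bundled extensions alike, which is why it belongs at every unserialize() call that can see untrusted input, independently of interpreter patches such as the one this advisory describes.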

A user can provide specially crafted data to trigger type confusion errors in the PHP SOAP client and in Exception::getTraceAsString(), and a memory leak, and cause the application to crash [CVE-2015-4148, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]. These vulnerabilities were corrected in version 5.6.8.

A user can supply specially crafted data to the finfo::file() or finfo::buffer() functions to trigger a memory allocation error and cause the target application to crash [CVE-2015-4604, CVE-2015-4605]. These vulnerabilities were corrected in version 5.6.8.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (5.4.42, 5.5.26, 5.6.10).

[Editor's note: Some vulnerabilities were fixed in prior versions, as noted in the Description section. Some vulnerabilities do not apply to some branches.]

The vendor's advisory is available at:

http://php.net/ChangeLog-5.php#5.6.10

Vendor URL:  www.php.net/
Cause:   Access control error, Boundary error, Input validation error, Resource error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 25 2015 (Red Hat Issues Fix) PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Jun 25 2015 (CentOS Issues Fix) PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
CentOS has issued a fix for CentOS 7.
Jul 10 2015 (Red Hat Issues Fix) PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 6, 6.5, 6.6, 7, and 7.1.
Jul 10 2015 (Red Hat Issues Fix) PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jul 10 2015 (CentOS Issues Fix) PHP Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code
CentOS has issued a fix for CentOS 6.



 Source Message Contents



[Original Message Not Available for Viewing]

Copyright 2019, SecurityGlobal.net LLC