SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PHP Vendors:   PHP Group
PHP Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, View Files, and Execute Arbitrary Code
SecurityTracker Alert ID:  1033548
SecurityTracker URL:  http://securitytracker.com/id/1033548
CVE Reference:   CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838   (Links to External Site)
Date:  Sep 14 2015
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions: 5.4.45, 5.5.29, 5.6.13
Description:   Multiple vulnerabilities were reported in PHP. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can view files on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can send specially crafted data to trigger a user-after-free memory error in unserialize() and potentially execute arbitrary code [CVE-2015-6834].

A remote user can send specially crafted data to trigger a user-after-free memory error in the session deserializer and potentially execute arbitrary code [CVE-2015-6835].

A remote user can send a specially crafted request to the target CLI server (non-production debugging server) to view potentially sensitive information located out of the web server directory on the target system. Windows-based systems are affected. Version 5.6.x is affected.

A remote user can create a specially crafted TIFF file that, when loaded by the target application, will trigger a buffer over-read in exif_read_data() to access potentially sensitive information in the application buffer.

A remote user can send specially crafted data to trigger a user-after-free memory error in the unserialize() function with GMP and potentially execute arbitrary code. Version 5.6.x is affected.

A remote user can send specially crafted data to flaws in several PCRE function to cause denial of service conditions and potentially execute arbitrary code.

A remote user can send specially crafted data to trigger a type confusion error in the SOAP serialize_function_call() function and execute arbitrary code [CVE-2015-6836].

A remote user can send specially crafted data to trigger a user-after-free memory error in the unserialize() function with SplObjectStorage and SplDoublyLinkedList and potentially execute arbitrary code [CVE-2015-6834].

A remote user can send specially crafted XSLT data to trigger a null pointer dereference and and potentially execute arbitrary code [CVE-2015-6837, CVE-2015-6838].

A user can create a specially crafted ZIP file that, when processed by the target application, will exploit a flaw in the ZipArchive::extractTo function and create arbitrary directories.

Impact:   A remote user can create content that, when processed by the target application, will execute arbitrary code on the target user's system.

A remote user can view files on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can cause arbitrary directories to be created on the target system in certain cases.

Solution:   The vendor has issued a fix (5.4.45, 5.5.29, 5.6.13).

The vendor's advisories are available at:

https://secure.php.net/ChangeLog-5.php#5.4.45
https://secure.php.net/ChangeLog-5.php#5.5.29
https://secure.php.net/ChangeLog-5.php#5.6.13

Vendor URL:  secure.php.net/ChangeLog-5.php#5.4.45 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 1 2015 (Ubuntu Issues Fix) PHP Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, View Files, and Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.04.
Oct 22 2015 (Apple Issues Fix) PHP Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, View Files, and Execute Arbitrary Code
Apple has issued a fix for Apple OS X 10.9.5, 10.10.5, and 10.11.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC