PHP Bugs May Let Remote Users Obtain Potentially Sensitive Information, Gain Elevated Privileges, or Execute Arbitrary Code
SecurityTracker Alert ID: 1034608
SecurityTracker URL: http://securitytracker.com/id/1034608
CVE Reference: CVE-2016-1903, CVE-2016-1904
Updated: Jan 15 2016
Original Entry Date: Jan 7 2016
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to versions 5.5.31, 5.6.17, 7.0.2
Description:
Several vulnerabilities were reported in PHP. A remote user can gain elevated privileges, execute arbitrary code, or obtain potentially sensitive information on the target system.
The specific impact depends on how the target application or system accesses the affected functions.
A memory leak and buffer overflow may occur in 'fpm_log.c'.
A memory read error may occur in gdImageRotateInterpolated() [CVE-2016-1903].
A use-after-free memory error may occur in WDDX packet deserialization.
A type confusion error may occur in WDDX packet deserialization.
A type confusion error may occur in PHP_to_XMLRPC_worker().
A heap overflow may occur in the escapeshell*() functions [CVE-2016-1904]. This issue affects version 7.x.
Impact:
A remote user can gain elevated privileges on the target system.
A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution:
The vendor has issued a fix (5.5.31, 5.6.17, 7.0.2).
The vendor's advisory is available at:
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
Vendor URL: www.php.net/
Cause:
Access control error, Boundary error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.