SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PHP Vendors:   PHP Group
PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1036430
SecurityTracker URL:  http://securitytracker.com/id/1036430
CVE Reference:   CVE-2016-5399, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297   (Links to External Site)
Updated:  Jul 25 2016
Original Entry Date:  Jul 22 2016
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in PHP. A remote or local user can obtain potentially sensitive information on the target system. A remote or local user can execute arbitrary code on the target system.

A buffer over read error may occur in php_url_parse_ex() [CVE-2016-6288]. Version 5.5.x is affected.

An integer overflow my occur in processing string-typed ZVAL. Version 5.6.x is affected.

A stack overflow may occur in virtual_file_ex() [CVE-2016-6289].

A use-after-free may occur in unserialize() [CVE-2016-6290]. Versions 5.5.x and 5.6.x are affected.

A type confusion error may occur in php_bz2_filter_create(). Version 5.6.x is affected.

An out-of-bounds write may occur due to inadequate error handling in bzread() [CVE-2016-5399].

A null pointer dereference may occur in variant_date_from_timestamp(). Version 7.x is affected.

A heap overflow may occur in curl. Version 7.x is affected.

An out-of-bounds read error may occur in exif_process_IFD_in_MAKERNOTE() [CVE-2016-6291].

A null pointer dereference may occur in exif_process_user_comment() [CVE-2016-6292].

A read/write access error may occur in gdImageAALine(). Version 7.x is affected.

An out-of-bounds access error may occur in imagecropauto(). Version 7.x is affected.

A read/write access error may occur in gdImageTrueColorToPaletteBody().

An out-of-bounds access error may occur in imagegif/output.

An integer overflow may occur in _gdContributionsAlloc().

An out-of-bounds access error may occur in locale_accept_from_http() [CVE-2016-6294].

An out-of-bounds read error may occur in mb_ereg_replace - mbc_to_code. Version 7.x is affected.

A use-after-free memory error may occur in MBString. Version 7.x is affected.

A cast error and heap overflow may occur in mdecrypt_generic(). Version 7.x is affected.

A heap overflow may occur in proc_open() in the processing of the '$env' parameter in the PCRE component. Version 7.x is affected.

A buffer overflow may occur in ps_files_cleanup_dir(). Version 7.x is affected.

A use-after-free memory error may occur in unserialize(). Version 7.x is affected.

A use-after-free memory error may occur in SNMP [CVE-2016-6295].

A heap overflow may occur in simplestring_addn() in 'simplestring.c' in the XMLRPC component [CVE-2016-6296].

A stack overflow may occur in php_stream_zip_opener() [CVE-2016-6297].

Impact:   A remote or local user can obtain potentially sensitive information on the target system.

A remote or local user can execute arbitrary code on the target system.

The impact depends on the application using PHP on the target system.

Solution:   The vendor has issued a fix (5.5.38, 5.6.24, 7.0.9).

The vendor's advisories are available at:

http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9

Vendor URL:  php.net/ChangeLog-7.php#7.0.9 (Links to External Site)
Cause:   Access control error, Boundary error, Exception handling error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 2 2016 (Ubuntu Issues Fix) PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 16.04 LTS.
Sep 21 2016 (Apple Issues Fix for Apple macOS/OS X) PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
Apple has issued a fix for Apple macOS/OS X.
Nov 4 2016 (Red Hat Issues Fix) PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Apr 19 2017 (Oracle Issues Fix for Oracle Secure Backup) PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
Oracle has issued a fix for Oracle Secure Backup.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC