Executive Summary

Summary
Title PHP vulnerabilities
Informations
Name USN-2501-1 First vendor Publication 2015-02-17
Vendor Ubuntu Last vendor Modification 2015-02-17
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231)

Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)

It was discovered that PHP incorrectly handled certain pascal strings in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652)

Alex Eubanks discovered that PHP incorrectly handled EXIF data in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0232)

It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1351)

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
php5-cgi 5.5.12+dfsg-2ubuntu4.2
php5-cli 5.5.12+dfsg-2ubuntu4.2
php5-fpm 5.5.12+dfsg-2ubuntu4.2
php5-pgsql 5.5.12+dfsg-2ubuntu4.2

Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
php5-cgi 5.5.9+dfsg-1ubuntu4.6
php5-cli 5.5.9+dfsg-1ubuntu4.6
php5-fpm 5.5.9+dfsg-1ubuntu4.6
php5-pgsql 5.5.9+dfsg-1ubuntu4.6

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.16
php5-cgi 5.3.10-1ubuntu3.16
php5-cli 5.3.10-1ubuntu3.16
php5-fpm 5.3.10-1ubuntu3.16
php5-pgsql 5.3.10-1ubuntu3.16

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2501-1
CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2015-0231,
CVE-2015-0232, CVE-2015-1351, CVE-2015-1352

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.2
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.6
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.16

Original Source

Url : http://www.ubuntu.com/usn/USN-2501-1

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-416 Use After Free

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:29013
 
Oval ID: oval:org.mitre.oval:def:29013
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1352
Version: 3
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29040
 
Oval ID: oval:org.mitre.oval:def:29040
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.
Family: unix Class: vulnerability
Reference(s): CVE-2014-8142
Version: 3
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29121
 
Oval ID: oval:org.mitre.oval:def:29121
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0231
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 14
Application 8
Application 620
Os 103
Os 2
Os 1

Snort® IPS/IDS

Date Description
2017-08-23 PHP core unserialize use after free attempt
RuleID : 43668 - Revision : 2 - Type : SERVER-WEBAPP
2015-04-30 PHP unserialize code execution attempt
RuleID : 33961 - Revision : 2 - Type : SERVER-OTHER
2015-04-30 PHP unserialize code execution attempt
RuleID : 33960 - Revision : 2 - Type : SERVER-OTHER
2015-04-07 PHP unserialize use after free attempt
RuleID : 33683 - Revision : 3 - Type : SERVER-OTHER
2015-04-07 PHP unserialize use after free attempt
RuleID : 33682 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-01-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-42.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-06-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201606-10.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-10-05 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-07-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150709_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1218.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1218.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1218.nasl - Type : ACT_GATHER_INFO
2015-06-25 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150623_php_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-06-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1135.nasl - Type : ACT_GATHER_INFO
2015-06-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1135.nasl - Type : ACT_GATHER_INFO
2015-06-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1135.nasl - Type : ACT_GATHER_INFO
2015-04-30 Name : The remote Debian host is missing a security update.
File : debian_DLA-212.nasl - Type : ACT_GATHER_INFO
2015-04-28 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6399.nasl - Type : ACT_GATHER_INFO
2015-04-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1e232a0ceb5711e4b5954061861086c1.nasl - Type : ACT_GATHER_INFO
2015-04-24 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6407.nasl - Type : ACT_GATHER_INFO
2015-04-23 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_40.nasl - Type : ACT_GATHER_INFO
2015-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6195.nasl - Type : ACT_GATHER_INFO
2015-04-23 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_24.nasl - Type : ACT_GATHER_INFO
2015-04-23 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_6_8.nasl - Type : ACT_GATHER_INFO
2015-04-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-111-10.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-511.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-510.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-509.nasl - Type : ACT_GATHER_INFO
2015-04-17 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-508.nasl - Type : ACT_GATHER_INFO
2015-04-17 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-507.nasl - Type : ACT_GATHER_INFO
2015-04-17 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-506.nasl - Type : ACT_GATHER_INFO
2015-04-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_742563d4d77611e4b5954061861086c1.nasl - Type : ACT_GATHER_INFO
2015-03-31 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4236.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-079.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4255.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_6_7.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_23.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_39.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3195.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-203.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-03.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-150226.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-150212.nasl - Type : ACT_GATHER_INFO
2015-02-20 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-163.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2501-1.nasl - Type : ACT_GATHER_INFO
2015-02-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-474.nasl - Type : ACT_GATHER_INFO
2015-02-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-475.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-032.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Fedora host is missing a security update.
File : fedora_2015-1101.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Fedora host is missing a security update.
File : fedora_2015-1058.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_6_5.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_21.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_37.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-464.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-463.nasl - Type : ACT_GATHER_INFO
2015-01-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-004.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote web server uses a version of PHP that is affected by a remote code...
File : php_5_6_4.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote web server uses a version of PHP that is affected by a remote code...
File : php_5_5_20.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote web server uses a version of PHP that is affected by a remote code...
File : php_5_4_36.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3117.nasl - Type : ACT_GATHER_INFO
2014-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17229.nasl - Type : ACT_GATHER_INFO
2014-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17241.nasl - Type : ACT_GATHER_INFO
2014-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17276.nasl - Type : ACT_GATHER_INFO
2014-12-23 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-356-02.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-03-31 13:29:49
  • Multiple Updates
2015-03-30 17:29:48
  • Multiple Updates
2015-02-19 13:25:00
  • Multiple Updates
2015-02-17 21:22:51
  • First insertion