Executive Summary
Summary | |
---|---|
Title | PHP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2952-1 | First vendor Publication | 2016-04-21 |
Vendor | Ubuntu | Last vendor Modification | 2016-04-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8835, CVE-2016-3185) It was discovered that the PHP MySQL native driver incorrectly handled TLS connections to MySQL databases. A man in the middle attacker could possibly use this issue to downgrade and snoop on TLS connections. This vulnerability is known as BACKRONYM. (CVE-2015-8838) It was discovered that PHP incorrectly handled the imagerotate function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903) Hans Jerry Illikainen discovered that the PHP phar extension incorrectly handled certain tar archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2554) It was discovered that the PHP WDDX extension incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3141) It was discovered that the PHP phar extension incorrectly handled certain zip files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-3142) It was discovered that the PHP libxml_disable_entity_loader() setting was shared between threads. When running under PHP-FPM, this could result in XML external entity injection and entity expansion issues. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number) It was discovered that the PHP openssl_random_pseudo_bytes() function did not return cryptographically strong pseudo-random bytes. (No CVE number) It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE number pending) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE number pending) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE number pending) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: Ubuntu 14.04 LTS: Ubuntu 12.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2952-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-20 | Improper Input Validation |
7 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
7 % | CWE-310 | Cryptographic Issues |
7 % | CWE-284 | Access Control (Authorization) Issues |
7 % | CWE-200 | Information Exposure |
7 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
7 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2018-08-16 | PHP phar extension remote code execution attempt RuleID : 47207 - Revision : 2 - Type : SERVER-WEBAPP |
2016-08-18 | PHP phar extension remote code execution attempt RuleID : 39662 - Revision : 3 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-03-01 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL54924436.nasl - Type : ACT_GATHER_INFO |
2017-02-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL64412100.nasl - Type : ACT_GATHER_INFO |
2017-02-08 | Name : The remote Debian host is missing a security update. File : debian_DLA-818.nasl - Type : ACT_GATHER_INFO |
2017-01-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-42.nasl - Type : ACT_GATHER_INFO |
2016-12-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL42065024.nasl - Type : ACT_GATHER_INFO |
2016-12-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201611-22.nasl - Type : ACT_GATHER_INFO |
2016-11-09 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_6.nasl - Type : ACT_GATHER_INFO |
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO |
2016-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1581-1.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-499.nasl - Type : ACT_GATHER_INFO |
2016-05-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2984-1.nasl - Type : ACT_GATHER_INFO |
2016-05-23 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-626.nasl - Type : ACT_GATHER_INFO |
2016-05-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1310-1.nasl - Type : ACT_GATHER_INFO |
2016-05-19 | Name : The remote Mac OS X host is affected by multiple vulnerabilities. File : macosx_10_11_5.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-576.nasl - Type : ACT_GATHER_INFO |
2016-05-09 | Name : The remote Debian host is missing a security update. File : debian_DLA-460.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-698.nasl - Type : ACT_GATHER_INFO |
2016-05-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2952-2.nasl - Type : ACT_GATHER_INFO |
2016-04-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-517.nasl - Type : ACT_GATHER_INFO |
2016-04-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3560.nasl - Type : ACT_GATHER_INFO |
2016-04-28 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-516.nasl - Type : ACT_GATHER_INFO |
2016-04-27 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1145-1.nasl - Type : ACT_GATHER_INFO |
2016-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2952-1.nasl - Type : ACT_GATHER_INFO |
2016-04-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-685.nasl - Type : ACT_GATHER_INFO |
2016-04-06 | Name : The version of PHP on the remote web server is affected by multiple vulnerabi... File : php_5_5_34.nasl - Type : ACT_GATHER_INFO |
2016-03-17 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_7_0_4.nasl - Type : ACT_GATHER_INFO |
2016-03-17 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_19.nasl - Type : ACT_GATHER_INFO |
2016-03-17 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_33.nasl - Type : ACT_GATHER_INFO |
2016-03-11 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-323.nasl - Type : ACT_GATHER_INFO |
2016-02-10 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_31.nasl - Type : ACT_GATHER_INFO |
2016-02-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_85eb4e46cf1611e5840f485d605f4717.nasl - Type : ACT_GATHER_INFO |
2016-02-10 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_7_0_2.nasl - Type : ACT_GATHER_INFO |
2016-02-08 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-157.nasl - Type : ACT_GATHER_INFO |
2016-02-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-034-04.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-100.nasl - Type : ACT_GATHER_INFO |
2016-01-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-640.nasl - Type : ACT_GATHER_INFO |
2015-08-11 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_28.nasl - Type : ACT_GATHER_INFO |
2015-07-10 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_11.nasl - Type : ACT_GATHER_INFO |
2015-07-10 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_27.nasl - Type : ACT_GATHER_INFO |
2015-07-10 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_4_43.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_22.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_6.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-12-01 09:26:03 |
|
2016-05-22 09:37:54 |
|
2016-05-16 17:36:45 |
|
2016-05-03 13:30:32 |
|
2016-04-26 13:27:45 |
|
2016-04-21 21:24:49 |
|