Executive Summary

Informations
Name CVE-2014-4049 First vendor Publication 2014-06-18
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24159
 
Oval ID: oval:org.mitre.oval:def:24159
Title: USN-2254-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-2254-1
CVE-2014-0185
CVE-2014-0237
CVE-2014-0238
CVE-2014-4049
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24930
 
Oval ID: oval:org.mitre.oval:def:24930
Title: USN-2254-2 -- php5 updates
Description: An improvement was made for PHP FPM environments.
Family: unix Class: patch
Reference(s): USN-2254-2
CVE-2014-0185
CVE-2014-0237
CVE-2014-0238
CVE-2014-4049
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24951
 
Oval ID: oval:org.mitre.oval:def:24951
Title: DSA-2961-1 php5 - security update
Description: It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
Family: unix Class: patch
Reference(s): DSA-2961-1
CVE-2014-4049
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26689
 
Oval ID: oval:org.mitre.oval:def:26689
Title: DSA-3008-1 php5 - security update
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-3008-1
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2013-7345
CVE-2014-4049
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): php5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 607
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-07-03 IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0052897

Snort® IPS/IDS

Date Description
2014-11-16 PHP DNS parsing heap overflow attempt
RuleID : 31460 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-67.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-393.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-546.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-172.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3008.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d2a892b9260511e49da000a0986f28c4.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_5_14.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2254-2.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-443.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2254-1.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2961.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BID http://www.securityfocus.com/bid/68007
CONFIRM http://support.apple.com/kb/HT6443
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugzilla.redhat.com/show_bug.cgi?id=1108447
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
https://support.apple.com/HT204659
DEBIAN http://www.debian.org/security/2014/dsa-2961
HP http://marc.info/?l=bugtraq&m=141017844705317&w=2
MLIST http://www.openwall.com/lists/oss-security/2014/06/13/4
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
SECTRACK http://www.securitytracker.com/id/1030435
SECUNIA http://secunia.com/advisories/59270
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59513
http://secunia.com/advisories/59652
http://secunia.com/advisories/60998
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Date Informations
2020-05-23 01:52:23
  • Multiple Updates
2020-05-23 00:41:19
  • Multiple Updates
2019-06-08 12:06:14
  • Multiple Updates
2018-10-31 00:20:38
  • Multiple Updates
2018-10-03 12:04:17
  • Multiple Updates
2018-03-12 12:01:08
  • Multiple Updates
2018-01-26 12:05:36
  • Multiple Updates
2017-12-28 09:21:44
  • Multiple Updates
2017-09-08 12:04:32
  • Multiple Updates
2017-07-15 13:25:44
  • Multiple Updates
2017-01-07 09:25:37
  • Multiple Updates
2016-11-29 00:24:55
  • Multiple Updates
2016-10-26 09:22:43
  • Multiple Updates
2016-10-05 01:01:41
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-08-23 09:24:51
  • Multiple Updates
2016-08-11 12:01:23
  • Multiple Updates
2016-07-29 12:01:23
  • Multiple Updates
2016-06-29 00:36:26
  • Multiple Updates
2016-05-18 13:27:58
  • Multiple Updates
2016-05-03 13:30:31
  • Multiple Updates
2016-04-30 13:30:48
  • Multiple Updates
2016-04-29 13:31:42
  • Multiple Updates
2016-04-27 00:56:57
  • Multiple Updates
2016-04-26 13:27:45
  • Multiple Updates
2016-04-16 13:27:08
  • Multiple Updates
2015-12-05 13:26:38
  • Multiple Updates
2015-09-02 21:26:25
  • Multiple Updates
2015-08-28 21:24:32
  • Multiple Updates
2015-06-25 13:28:24
  • Multiple Updates
2015-05-21 13:31:25
  • Multiple Updates
2015-05-21 00:27:43
  • Multiple Updates
2015-05-19 21:28:44
  • Multiple Updates
2015-05-14 21:28:09
  • Multiple Updates
2015-05-14 09:26:48
  • Multiple Updates
2015-04-22 00:26:19
  • Multiple Updates
2015-04-21 09:25:12
  • Multiple Updates
2015-04-14 09:27:34
  • Multiple Updates
2015-04-11 13:28:47
  • Multiple Updates
2015-03-31 13:28:38
  • Multiple Updates
2015-03-27 13:28:20
  • Multiple Updates
2014-11-19 09:23:55
  • Multiple Updates
2014-11-16 21:25:07
  • Multiple Updates
2014-11-14 13:28:18
  • Multiple Updates
2014-10-12 13:27:23
  • Multiple Updates
2014-09-23 13:28:04
  • Multiple Updates
2014-09-19 13:27:37
  • Multiple Updates
2014-09-18 13:27:22
  • Multiple Updates
2014-09-13 13:43:07
  • Multiple Updates
2014-08-31 13:25:13
  • Multiple Updates
2014-08-23 13:27:45
  • Multiple Updates
2014-08-21 13:26:39
  • Multiple Updates
2014-08-20 13:25:58
  • Multiple Updates
2014-08-08 13:24:46
  • Multiple Updates
2014-08-07 13:25:16
  • Multiple Updates
2014-07-17 09:23:36
  • Multiple Updates
2014-07-14 13:25:59
  • Multiple Updates
2014-07-12 00:21:50
  • Multiple Updates
2014-07-11 13:25:10
  • Multiple Updates
2014-07-09 13:25:40
  • Multiple Updates
2014-07-05 13:24:55
  • Multiple Updates
2014-07-02 13:25:55
  • Multiple Updates
2014-06-28 13:27:16
  • Multiple Updates
2014-06-27 13:26:19
  • Multiple Updates
2014-06-26 09:25:21
  • Multiple Updates
2014-06-25 13:26:10
  • Multiple Updates
2014-06-20 00:24:23
  • Multiple Updates
2014-06-19 00:23:14
  • First insertion