Executive Summary
Summary | |
---|---|
Title | php security update |
Informations | |||
---|---|---|---|
Name | RHSA-2013:1824 | First vendor Publication | 2013-12-11 |
Vendor | RedHat | Last vendor Modification | 2013-12-11 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9, 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-1824.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-12-17 | PHP openssl_x509_parse() - Memory Corruption Vulnerability |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-31 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_jsa10804.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0064-1.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_php_20140522.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1825.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1824.nasl - Type : ACT_GATHER_INFO |
2014-10-08 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_4.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1032.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes a certificate validat... File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO |
2014-01-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-014.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php53-131218.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-131220.nasl - Type : ACT_GATHER_INFO |
2014-01-14 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-013-03.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-262.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-263.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-264.nasl - Type : ACT_GATHER_INFO |
2013-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23164.nasl - Type : ACT_GATHER_INFO |
2013-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23215.nasl - Type : ACT_GATHER_INFO |
2013-12-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_47b4e713651311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_5_7.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2816.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote web server uses a version of PHP that is potentially affected by m... File : php_5_3_28.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_4_23.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2055-1.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23208.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131211_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131211_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1813.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1813.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1813.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-08 13:32:04 |
|
2013-12-17 21:23:49 |
|
2013-12-17 13:21:57 |
|
2013-12-11 21:18:35 |
|