Vulnerabilities > CVE-2013-6420 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
| description | PHP openssl_x509_parse() - Memory Corruption Vulnerability. CVE-2013-6420. Dos exploit for php platform |
| id | EDB-ID:30395 |
| last seen | 2016-02-03 |
| modified | 2013-12-17 |
| published | 2013-12-17 |
| reporter | Stefan Esser |
| source | https://www.exploit-db.com/download/30395/ |
| title | PHP openssl_x509_parse - Memory Corruption Vulnerability |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_47B4E713651311E3868F0025905A4771.NASL description Stefan Esser reports : The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. Depending on how openssl_x509_parse() is used within a PHP application the attack requires either a malicious cert signed by a compromised/malicious CA or can be carried out with a self-signed cert. last seen 2020-06-01 modified 2020-06-02 plugin id 71451 published 2013-12-16 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71451 title FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(71451); script_version("1.3"); script_cvs_date("Date: 2018/11/10 11:49:43"); script_cve_id("CVE-2013-6420"); script_name(english:"FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Stefan Esser reports : The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. Depending on how openssl_x509_parse() is used within a PHP application the attack requires either a malicious cert signed by a compromised/malicious CA or can be carried out with a self-signed cert." ); # https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c851f14b" ); # https://vuxml.freebsd.org/freebsd/47b4e713-6513-11e3-868f-0025905a4771.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3a0b0bfa" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php55"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"php5>=5.4.0<5.4.23")) flag++; if (pkg_test(save_report:TRUE, pkg:"php53<5.3.28")) flag++; if (pkg_test(save_report:TRUE, pkg:"php55>=5.5.0<5.5.7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Scientific Linux Local Security Checks NASL id SL_20131211_PHP53_AND_PHP_ON_SL5_X.NASL description A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2013-12-12 plugin id 71372 published 2013-12-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71372 title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(71372); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6420"); script_name(english:"Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=3844 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?943e525c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php-zts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"php53-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-bcmath-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-cli-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-common-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-dba-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-debuginfo-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-devel-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-gd-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-imap-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-intl-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-ldap-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-mbstring-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-mysql-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-odbc-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-pdo-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-pgsql-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-process-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-pspell-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-snmp-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-soap-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-xml-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"php53-xmlrpc-5.3.3-22.el5_10")) flag++; if (rpm_check(release:"SL6", reference:"php-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-bcmath-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-cli-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-common-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-dba-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-debuginfo-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-devel-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-embedded-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-enchant-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-fpm-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-gd-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-imap-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-intl-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-ldap-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-mbstring-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-mysql-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-odbc-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-pdo-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-pgsql-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-process-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-pspell-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-recode-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-snmp-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-soap-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-tidy-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-xml-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-xmlrpc-5.3.3-27.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"php-zts-5.3.3-27.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2816.NASL description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). - CVE-2013-6712 Creating DateInterval objects from parsed ISO dates was not properly restricted, which allowed to cause a denial of service. In addition, the update for Debian 7 last seen 2020-03-17 modified 2013-12-14 plugin id 71402 published 2013-12-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71402 title Debian DSA-2816-1 : php5 - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0064-1.NASL description This update fixes the following issues : - memory corruption in openssl_parse_x509 (CVE-2013-6420) - Heap buffer over-read in DateInterval (CVE-2013-6712) - man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83607 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83607 title SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-23164.NASL description 12 Dec 2013, PHP 5.5.7 CLI server : - Added some MIME types to the CLI web server (Chris Jones) - Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) Core : - Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) OPCache - Fixed bug #66176 (Invalid constant substitution). (Dmitry) - Fixed bug #65915 (Inconsistent results with require return value). (Dmitry) - Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry) OpenSSL : - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). readline - Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi) Backported from 5.5.8 : - fix zend_register_functions breaks reflection, php bug 66218 - fix Heap buffer over-read in DateInterval, php bug 66060 - fix fix overflow handling bug in non-x86 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-20 plugin id 71549 published 2013-12-20 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71549 title Fedora 20 : php-5.5.7-1.fc20 (2013-23164) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-264.NASL description A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. last seen 2020-06-01 modified 2020-06-02 plugin id 71576 published 2013-12-23 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71576 title Amazon Linux AMI : php55 (ALAS-2013-264) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP5-131220.NASL description This update fixes the following issues : - memory corruption in openssl_parse_x509. (CVE-2013-6420) - man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) last seen 2020-06-05 modified 2014-01-15 plugin id 71964 published 2014-01-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71964 title SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710) NASL family CGI abuses NASL id PHP_5_5_7.NASL description According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.7. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP last seen 2020-06-01 modified 2020-06-02 plugin id 71428 published 2013-12-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71428 title PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption NASL family Scientific Linux Local Security Checks NASL id SL_20131211_PHP_ON_SL5_X.NASL description A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2013-12-12 plugin id 71373 published 2013-12-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71373 title Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1825.NASL description Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 and 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php53 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78987 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78987 title RHEL 5 : php53 (RHSA-2013:1825) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1814.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71356 published 2013-12-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71356 title CentOS 5 : php (CESA-2013:1814) NASL family Web Servers NASL id HPSMH_7_4.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 78090 published 2014-10-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78090 title HP System Management Homepage < 7.4 Multiple Vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-263.NASL description A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. last seen 2020-06-01 modified 2020-06-02 plugin id 71575 published 2013-12-23 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71575 title Amazon Linux AMI : php54 (ALAS-2013-263) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1824.NASL description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9, 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 78986 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78986 title RHEL 5 / 6 : php (RHSA-2013:1824) NASL family Fedora Local Security Checks NASL id FEDORA_2013-23208.NASL description 12 Dec 2013, PHP 5.5.7 CLI server : - Added some MIME types to the CLI web server (Chris Jones) - Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) Core : - Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) OPCache - Fixed bug #66176 (Invalid constant substitution). (Dmitry) - Fixed bug #65915 (Inconsistent results with require return value). (Dmitry) - Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry) OpenSSL : - Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). readline - Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi) Backported from 5.5.8 : - fix zend_register_functions breaks reflection, php bug 66218 - fix Heap buffer over-read in DateInterval, php bug 66060 - fix fix overflow handling bug in non-x86 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-13 plugin id 71386 published 2013-12-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71386 title Fedora 19 : php-5.5.7-1.fc19 (2013-23208) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1814.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71337 published 2013-12-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71337 title RHEL 5 : php (RHSA-2013:1814) NASL family MacOS X Local Security Checks NASL id MACOSX_10_9_2.NASL description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72687 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72687 title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1813.NASL description From Red Hat Security Advisory 2013:1813 : Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71334 published 2013-12-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71334 title Oracle Linux 5 / 6 : php / php53 (ELSA-2013-1813) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-1032.NASL description - security update - CVE-2013-6420.patch [bnc#854880] - CVE-2013-6712.patch [bnc#853045] - CVE-2013-4248.patch [bnc#837746] last seen 2020-06-05 modified 2014-06-13 plugin id 74876 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74876 title openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-262.NASL description The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. last seen 2020-06-01 modified 2020-06-02 plugin id 71574 published 2013-12-23 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71574 title Amazon Linux AMI : php (ALAS-2013-262) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1814.NASL description From Red Hat Security Advisory 2013:1814 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71367 published 2013-12-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71367 title Oracle Linux 5 : php (ELSA-2013-1814) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2055-1.NASL description Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6420) It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2013-6712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 71394 published 2013-12-13 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71394 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-23215.NASL description 28 Nov 2013, PHP 5.4.23 Core : - Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) - Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) JSON - Fixed whitespace part of bug #64874 ( last seen 2020-03-17 modified 2013-12-20 plugin id 71552 published 2013-12-20 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71552 title Fedora 18 : php-5.4.23-1.fc18 (2013-23215) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1813.NASL description Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71355 published 2013-12-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71355 title CentOS 5 / 6 : php / php53 (CESA-2013:1813) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10804.NASL description According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version : - An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 102079 published 2017-07-31 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102079 title Juniper Junos PHP multiple vulnerabilities (JSA10804) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1813.NASL description Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71336 published 2013-12-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71336 title RHEL 5 / 6 : php53 and php (RHSA-2013:1813) NASL family CGI abuses NASL id PHP_5_4_23.NASL description According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP last seen 2020-06-01 modified 2020-06-02 plugin id 71427 published 2013-12-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71427 title PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1545.NASL description According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4147) - An invalid free flaw was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 124998 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124998 title EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-013-03.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 71931 published 2014-01-14 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71931 title Slackware 14.0 / 14.1 / current : php (SSA:2014-013-03) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP53-131218.NASL description This update fixes the following issues : - memory corruption in openssl_parse_x509. (CVE-2013-6420) - Heap buffer over-read in DateInterval. (CVE-2013-6712) - man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) last seen 2020-06-05 modified 2014-01-15 plugin id 71965 published 2014-01-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71965 title SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-11.NASL description The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77455 published 2014-08-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77455 title GLSA-201408-11 : PHP: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_PHP_20140522.NASL description The remote Solaris system is missing necessary patches to address security updates : - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a last seen 2020-06-01 modified 2020-06-02 plugin id 80737 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80737 title Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation) NASL family CGI abuses NASL id PHP_5_3_28.NASL description According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.28. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists in the PHP OpenSSL extension last seen 2020-06-01 modified 2020-06-02 plugin id 71426 published 2013-12-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71426 title PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2014-001.NASL description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72688 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72688 title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-014.NASL description Multiple vulnerabilities has been discovered and corrected in php : The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a last seen 2020-06-01 modified 2020-06-02 plugin id 72082 published 2014-01-22 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72082 title Mandriva Linux Security Advisory : php (MDVSA-2014:014)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/124436/phpx509parse-corrupt.txt |
| id | PACKETSTORM:124436 |
| last seen | 2016-12-05 |
| published | 2013-12-15 |
| reporter | Stefan Esser |
| source | https://packetstormsecurity.com/files/124436/PHP-openssl_x509_parse-Memory-Corruption.html |
| title | PHP openssl_x509_parse() Memory Corruption |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 64225 CVE(CAN) ID: CVE-2013-6420 PHP 5.3.27之前版本、5.4.22之前版本、5.5.6之前版本解析x.509证书时,"asn1_time_to_time_t()"函数(ext/openssl/openssl.c)出错,攻击者通过特制的x.509证书利用此漏洞可破坏内存。 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net http://www.php.net/downloads.php http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415 http://git.php.net/?p=php-src.git;a=blobdiff;f=NEWS;h=8abf65e05b0298a6f2dba9439c9513919234766f;hp=70461d97d85c65e01e739514923303b09257f65f;hb=c1224573c773b6845e83505f717fbf820fc18415;hpb=32873cd0ddea7df8062213bb025beb6fb070e59d id SSV:61173 last seen 2017-11-19 modified 2013-12-18 published 2013-12-18 reporter Root source https://www.seebug.org/vuldb/ssvid-61173 title PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞 bulletinFamily exploit description No description provided by source. id SSV:83792 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-83792 title PHP openssl_x509_parse() - Memory Corruption Vulnerability
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1036830
- http://www.php.net/ChangeLog-5.php
- https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
- http://www.securitytracker.com/id/1029472
- http://support.apple.com/kb/HT6150
- http://secunia.com/advisories/59652
- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322
- http://www.securityfocus.com/bid/64225
- http://www.ubuntu.com/usn/USN-2055-1
- http://www.debian.org/security/2013/dsa-2816
- http://rhn.redhat.com/errata/RHSA-2013-1826.html
- http://rhn.redhat.com/errata/RHSA-2013-1825.html
- http://rhn.redhat.com/errata/RHSA-2013-1824.html
- http://rhn.redhat.com/errata/RHSA-2013-1815.html
- http://rhn.redhat.com/errata/RHSA-2013-1813.html
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415
- http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21