Vulnerabilities > CVE-2014-3587 - Numeric Errors vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

Vulnerable Configurations

Part Description Count
Application
Christos_Zoulas
20
Application
Php
620

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2369-1.NASL
    descriptionIt was discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78042
    published2014-10-03
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78042
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : file vulnerability (USN-2369-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2369-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78042);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-3587");
      script_bugtraq_id(69325);
      script_xref(name:"USN", value:"2369-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : file vulnerability (USN-2369-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that file incorrectly handled certain CDF documents.
    A attacker could use this issue to cause file to hang or crash,
    resulting in a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2369-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected file package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:file");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"file", pkgver:"5.03-5ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"file", pkgver:"5.09-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"file", pkgver:"1:5.14-2ubuntu3.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-67.NASL
    descriptionCVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking during processing of an awk regular expression rule. CVE-2014-3587 It was discovered that the CDF parser of the fileinfo module does not properly process malformed files in the Composite Document File (CDF) format, leading to crashes. CVE-2014-3597 It was discovered that the original fix for CVE-2014-4049 did not completely address the issue. A malicious server or man-in-the-middle attacker could cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record. CVE-2014-4670 It was discovered that PHP incorrectly handled certain SPL Iterators. A local attacker could use this flaw to cause PHP to crash, resulting in a denial of service. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82212
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82212
    titleDebian DLA-67-1 : php5 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0760.NASL
    descriptionFrom Red Hat Security Advisory 2016:0760 : An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id91149
    published2016-05-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91149
    titleOracle Linux 6 : file (ELSA-2016-0760)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-167.NASL
    descriptionUpdated file packages fix security vulnerability : A flaw was found in the way file uses cdf_read_property_info function when checks stream offsets for certain Composite Document Format (CDF). An insufficient input validation flaw for p and q minimal and maximal value, leads to a pointer overflow. This issue only affects 32bit systems (CVE-2014-3587).
    last seen2020-06-01
    modified2020-06-02
    plugin id77646
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77646
    titleMandriva Linux Security Advisory : file (MDVSA-2014:167)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2210-1.NASL
    descriptionThis update for php53 fixes the following issues : - security update : - CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] - CVE-2016-5399: Improper error handling in bzread() [bsc#991430] - CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93367
    published2016-09-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93367
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:2210-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2328-1.NASL
    descriptionThis update for php53 fixes the following security issues : - CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] - CVE-2016-5399: Improper error handling in bzread() [bsc#991430] - CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] - CVE-2016-7124: Create an Unexpected Object and Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93589
    published2016-09-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93589
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2155.NASL
    descriptionUpdated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86973
    published2015-11-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86973
    titleRHEL 7 : file (RHSA-2015:2155)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9684.NASL
    description21 Aug 2014, PHP 5.5.16 Core : - Fixed bug #67693 (incorrect push to the empty array) (Tjerk) - Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) COM : - Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). Fileinfo : - Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) - Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) FPM : - Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho at gentoo.org, Remi) GD : - Fixed bug #66901 (php-gd
    last seen2020-03-17
    modified2014-09-03
    plugin id77482
    published2014-09-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77482
    titleFedora 20 : php-5.5.16-1.fc20 (2014-9684)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2408-1.NASL
    descriptionThis update for php5 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled [bsc#987580] - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] - CVE-2016-6292: NULL pointer dereference in exif_process_user_comment [bsc#991422] - CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] - CVE-2016-5399: Improper error handling in bzread() [bsc#991430] - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] - CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] - CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] - CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] - CVE-2016-7124: Create an Unexpected Object and Don
    last seen2020-03-24
    modified2019-01-02
    plugin id119979
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119979
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-172.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538). Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597). gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack \%00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function (CVE-2014-5120). The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.
    last seen2020-06-01
    modified2020-06-02
    plugin id77651
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77651
    titleMandriva Linux Security Advisory : php (MDVSA-2014:172)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0050.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3538 (unrestricted regular expression matching) - fix #1284826 - try to read ELF header to detect corrupted one - fix #1263987 - fix bugs found by coverity in the patch - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) - fix #809898 - add support for detection of Python 2.7 byte-compiled files - fix #1263987 - fix coredump execfn detection on ppc64 and s390 - fix #966953 - include msooxml file in magic.mgc generation - fix #966953 - increate the strength of MSOOXML magic patterns - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named mime - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML
    last seen2020-06-01
    modified2020-06-02
    plugin id91155
    published2016-05-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91155
    titleOracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-080.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file
    last seen2020-06-01
    modified2020-06-02
    plugin id82333
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82333
    titleMandriva Linux Security Advisory : php (MDVSA-2015:080)
  • NASL familyCGI abuses
    NASL idPHP_5_6_0.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is a development version of 5.6.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit this issue but has instead relied only on application
    last seen2020-06-01
    modified2020-06-02
    plugin id78556
    published2014-10-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78556
    titlePHP 5.6.0 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2344-1.NASL
    descriptionIt was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587) It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id77602
    published2014-09-10
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77602
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-2344-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151119_FILE_ON_SL7_X.NASL
    descriptionMultiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures.
    last seen2020-03-18
    modified2015-12-22
    plugin id87555
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87555
    titleScientific Linux Security Update : file on SL7.x x86_64 (20151119)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1156.NASL
    descriptionThis update for php5 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled [bsc#987580] - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] - CVE-2016-6292: NULL pointer dereference in exif_process_user_comment [bsc#991422] - CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] - CVE-2016-5399: Improper error handling in bzread() [bsc#991430] - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] - CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] - CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] - CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] - CVE-2016-7124: Create an Unexpected Object and Don
    last seen2020-06-05
    modified2016-10-05
    plugin id93856
    published2016-10-05
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93856
    titleopenSUSE Security Update : php5 (openSUSE-2016-1156)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82700
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82700
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3021.NASL
    descriptionMultiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
    last seen2020-03-17
    modified2014-09-10
    plugin id77585
    published2014-09-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77585
    titleDebian DSA-3021-1 : file - security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140930_PHP53_AND_PHP_ON_SL5_X.NASL
    descriptionIt was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP
    last seen2020-03-18
    modified2014-10-14
    plugin id78419
    published2014-10-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78419
    titleScientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1326.NASL
    descriptionUpdated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id77995
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77995
    titleCentOS 5 / 6 : php / php53 (CESA-2014:1326)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2155.NASL
    descriptionUpdated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87137
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87137
    titleCentOS 7 : file (CESA-2015:2155)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1327.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id78009
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78009
    titleRHEL 7 : php (RHSA-2014:1327)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1326.NASL
    descriptionFrom Red Hat Security Advisory 2014:1326 : Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id78004
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78004
    titleOracle Linux 5 / 6 : php / php53 (ELSA-2014-1326)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1327.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id77996
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77996
    titleCentOS 7 : php (CESA-2014:1327)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-50.NASL
    descriptionCVE-2014-3538 file does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption). CVE-2014-3587 Integer overflow in the cdf_read_property_info function in cdf.c allows remote attackers to cause a denial of service (application crash). Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4 (DSA-3021-1), were already handled in 5.04-5+squeeze6 (DLA 27-1) in July 2014. Also, as an amendment, as a side effect of the changes done back then then, the MIME type detection of some files had improved from
    last seen2020-03-17
    modified2015-03-26
    plugin id82197
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82197
    titleDebian DLA-50-1 : file security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1327.NASL
    descriptionFrom Red Hat Security Advisory 2014:1327 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id78005
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78005
    titleOracle Linux 7 : php (ELSA-2014-1327)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2155.NASL
    descriptionFrom Red Hat Security Advisory 2015:2155 : Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87027
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87027
    titleOracle Linux 7 : file (ELSA-2015-2155)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9712.NASL
    descriptionFix for CVE-2014-3587. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-25
    plugin id77363
    published2014-08-25
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77363
    titleFedora 20 : file-5.19-4.fc20 (2014-9712)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-247-01.NASL
    descriptionNew php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id77543
    published2014-09-05
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77543
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-247-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1326.NASL
    descriptionUpdated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id77980
    published2014-09-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77980
    titleRHEL 5 / 6 : php53 and php (RHSA-2014:1326)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9679.NASL
    description21 Aug 2014, PHP 5.5.16 Core : - Fixed bug #67693 (incorrect push to the empty array) (Tjerk) - Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) COM : - Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). Fileinfo : - Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) - Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) FPM : - Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho at gentoo.org, Remi) GD : - Fixed bug #66901 (php-gd
    last seen2020-03-17
    modified2014-09-03
    plugin id77481
    published2014-09-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77481
    titleFedora 19 : php-5.5.16-1.fc19 (2014-9679)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1424.NASL
    descriptionAccording to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) - An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) - It was found that the fix for CVE-2012-1571 was incomplete the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) - A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) - Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) - A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.(CVE-2014-2270) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources.(CVE-2014-8117) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0237) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory.(CVE-2014-9653) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124927
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124927
    titleEulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82699
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82699
    titleMac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0760.NASL
    descriptionAn update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id91167
    published2016-05-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91167
    titleCentOS 6 : file (CESA-2016:0760)
  • NASL familyCGI abuses
    NASL idPHP_5_5_16.NASL
    descriptionAccording to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its
    last seen2020-06-01
    modified2020-06-02
    plugin id77403
    published2014-08-27
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77403
    titlePHP 5.5.x < 5.5.16 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0760.NASL
    descriptionAn update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id91074
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91074
    titleRHEL 6 : file (RHSA-2016:0760)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160510_FILE_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) - A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) - Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)
    last seen2020-03-18
    modified2016-06-09
    plugin id91537
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91537
    titleScientific Linux Security Update : file on SL6.x i386/x86_64 (20160510)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-398.NASL
    descriptionInteger overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 .
    last seen2020-06-01
    modified2020-06-02
    plugin id78341
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78341
    titleAmazon Linux AMI : file (ALAS-2014-398)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-415.NASL
    descriptionA denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 .
    last seen2020-06-01
    modified2020-06-02
    plugin id78358
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78358
    titleAmazon Linux AMI : php55 (ALAS-2014-415)
  • NASL familyCGI abuses
    NASL idPHP_5_4_32.NASL
    descriptionAccording to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its
    last seen2020-06-01
    modified2020-06-02
    plugin id77402
    published2014-08-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77402
    titlePHP 5.4.x < 5.4.32 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3008.NASL
    descriptionSeveral vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking during processing of an awk regular expression rule. - CVE-2014-3587 It was discovered that the CDF parser of the fileinfo module does not properly process malformed files in the Composite Document File (CDF) format, leading to crashes. - CVE-2014-3597 It was discovered that the original fix for CVE-2014-4049 did not completely address the issue. A malicious server or man-in-the-middle attacker could cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record. - CVE-2014-4670 It was discovered that PHP incorrectly handled certain SPL Iterators. A local attacker could use this flaw to cause PHP to crash, resulting in a denial of service.
    last seen2020-03-17
    modified2014-08-22
    plugin id77307
    published2014-08-22
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77307
    titleDebian DSA-3008-1 : php5 - security update

Redhat

advisories
  • rhsa
    idRHSA-2014:1326
  • rhsa
    idRHSA-2014:1327
  • rhsa
    idRHSA-2014:1765
  • rhsa
    idRHSA-2014:1766
  • rhsa
    idRHSA-2016:0760
rpms
  • php-0:5.3.3-27.el6_5.2
  • php-bcmath-0:5.3.3-27.el6_5.2
  • php-cli-0:5.3.3-27.el6_5.2
  • php-common-0:5.3.3-27.el6_5.2
  • php-dba-0:5.3.3-27.el6_5.2
  • php-debuginfo-0:5.3.3-27.el6_5.2
  • php-devel-0:5.3.3-27.el6_5.2
  • php-embedded-0:5.3.3-27.el6_5.2
  • php-enchant-0:5.3.3-27.el6_5.2
  • php-fpm-0:5.3.3-27.el6_5.2
  • php-gd-0:5.3.3-27.el6_5.2
  • php-imap-0:5.3.3-27.el6_5.2
  • php-intl-0:5.3.3-27.el6_5.2
  • php-ldap-0:5.3.3-27.el6_5.2
  • php-mbstring-0:5.3.3-27.el6_5.2
  • php-mysql-0:5.3.3-27.el6_5.2
  • php-odbc-0:5.3.3-27.el6_5.2
  • php-pdo-0:5.3.3-27.el6_5.2
  • php-pgsql-0:5.3.3-27.el6_5.2
  • php-process-0:5.3.3-27.el6_5.2
  • php-pspell-0:5.3.3-27.el6_5.2
  • php-recode-0:5.3.3-27.el6_5.2
  • php-snmp-0:5.3.3-27.el6_5.2
  • php-soap-0:5.3.3-27.el6_5.2
  • php-tidy-0:5.3.3-27.el6_5.2
  • php-xml-0:5.3.3-27.el6_5.2
  • php-xmlrpc-0:5.3.3-27.el6_5.2
  • php-zts-0:5.3.3-27.el6_5.2
  • php53-0:5.3.3-24.el5
  • php53-bcmath-0:5.3.3-24.el5
  • php53-cli-0:5.3.3-24.el5
  • php53-common-0:5.3.3-24.el5
  • php53-dba-0:5.3.3-24.el5
  • php53-debuginfo-0:5.3.3-24.el5
  • php53-devel-0:5.3.3-24.el5
  • php53-gd-0:5.3.3-24.el5
  • php53-imap-0:5.3.3-24.el5
  • php53-intl-0:5.3.3-24.el5
  • php53-ldap-0:5.3.3-24.el5
  • php53-mbstring-0:5.3.3-24.el5
  • php53-mysql-0:5.3.3-24.el5
  • php53-odbc-0:5.3.3-24.el5
  • php53-pdo-0:5.3.3-24.el5
  • php53-pgsql-0:5.3.3-24.el5
  • php53-process-0:5.3.3-24.el5
  • php53-pspell-0:5.3.3-24.el5
  • php53-snmp-0:5.3.3-24.el5
  • php53-soap-0:5.3.3-24.el5
  • php53-xml-0:5.3.3-24.el5
  • php53-xmlrpc-0:5.3.3-24.el5
  • php-0:5.4.16-23.el7_0.1
  • php-bcmath-0:5.4.16-23.el7_0.1
  • php-cli-0:5.4.16-23.el7_0.1
  • php-common-0:5.4.16-23.el7_0.1
  • php-dba-0:5.4.16-23.el7_0.1
  • php-debuginfo-0:5.4.16-23.el7_0.1
  • php-devel-0:5.4.16-23.el7_0.1
  • php-embedded-0:5.4.16-23.el7_0.1
  • php-enchant-0:5.4.16-23.el7_0.1
  • php-fpm-0:5.4.16-23.el7_0.1
  • php-gd-0:5.4.16-23.el7_0.1
  • php-intl-0:5.4.16-23.el7_0.1
  • php-ldap-0:5.4.16-23.el7_0.1
  • php-mbstring-0:5.4.16-23.el7_0.1
  • php-mysql-0:5.4.16-23.el7_0.1
  • php-mysqlnd-0:5.4.16-23.el7_0.1
  • php-odbc-0:5.4.16-23.el7_0.1
  • php-pdo-0:5.4.16-23.el7_0.1
  • php-pgsql-0:5.4.16-23.el7_0.1
  • php-process-0:5.4.16-23.el7_0.1
  • php-pspell-0:5.4.16-23.el7_0.1
  • php-recode-0:5.4.16-23.el7_0.1
  • php-snmp-0:5.4.16-23.el7_0.1
  • php-soap-0:5.4.16-23.el7_0.1
  • php-xml-0:5.4.16-23.el7_0.1
  • php-xmlrpc-0:5.4.16-23.el7_0.1
  • php54-php-0:5.4.16-22.el6
  • php54-php-0:5.4.16-22.el7
  • php54-php-bcmath-0:5.4.16-22.el6
  • php54-php-bcmath-0:5.4.16-22.el7
  • php54-php-cli-0:5.4.16-22.el6
  • php54-php-cli-0:5.4.16-22.el7
  • php54-php-common-0:5.4.16-22.el6
  • php54-php-common-0:5.4.16-22.el7
  • php54-php-dba-0:5.4.16-22.el6
  • php54-php-dba-0:5.4.16-22.el7
  • php54-php-debuginfo-0:5.4.16-22.el6
  • php54-php-debuginfo-0:5.4.16-22.el7
  • php54-php-devel-0:5.4.16-22.el6
  • php54-php-devel-0:5.4.16-22.el7
  • php54-php-enchant-0:5.4.16-22.el6
  • php54-php-enchant-0:5.4.16-22.el7
  • php54-php-fpm-0:5.4.16-22.el6
  • php54-php-fpm-0:5.4.16-22.el7
  • php54-php-gd-0:5.4.16-22.el6
  • php54-php-gd-0:5.4.16-22.el7
  • php54-php-imap-0:5.4.16-22.el6
  • php54-php-intl-0:5.4.16-22.el6
  • php54-php-intl-0:5.4.16-22.el7
  • php54-php-ldap-0:5.4.16-22.el6
  • php54-php-ldap-0:5.4.16-22.el7
  • php54-php-mbstring-0:5.4.16-22.el6
  • php54-php-mbstring-0:5.4.16-22.el7
  • php54-php-mysqlnd-0:5.4.16-22.el6
  • php54-php-mysqlnd-0:5.4.16-22.el7
  • php54-php-odbc-0:5.4.16-22.el6
  • php54-php-odbc-0:5.4.16-22.el7
  • php54-php-pdo-0:5.4.16-22.el6
  • php54-php-pdo-0:5.4.16-22.el7
  • php54-php-pgsql-0:5.4.16-22.el6
  • php54-php-pgsql-0:5.4.16-22.el7
  • php54-php-process-0:5.4.16-22.el6
  • php54-php-process-0:5.4.16-22.el7
  • php54-php-pspell-0:5.4.16-22.el6
  • php54-php-pspell-0:5.4.16-22.el7
  • php54-php-recode-0:5.4.16-22.el6
  • php54-php-recode-0:5.4.16-22.el7
  • php54-php-snmp-0:5.4.16-22.el6
  • php54-php-snmp-0:5.4.16-22.el7
  • php54-php-soap-0:5.4.16-22.el6
  • php54-php-soap-0:5.4.16-22.el7
  • php54-php-tidy-0:5.4.16-22.el6
  • php54-php-xml-0:5.4.16-22.el6
  • php54-php-xml-0:5.4.16-22.el7
  • php54-php-xmlrpc-0:5.4.16-22.el6
  • php54-php-xmlrpc-0:5.4.16-22.el7
  • php55-php-0:5.5.6-13.el6
  • php55-php-0:5.5.6-13.el7
  • php55-php-bcmath-0:5.5.6-13.el6
  • php55-php-bcmath-0:5.5.6-13.el7
  • php55-php-cli-0:5.5.6-13.el6
  • php55-php-cli-0:5.5.6-13.el7
  • php55-php-common-0:5.5.6-13.el6
  • php55-php-common-0:5.5.6-13.el7
  • php55-php-dba-0:5.5.6-13.el6
  • php55-php-dba-0:5.5.6-13.el7
  • php55-php-debuginfo-0:5.5.6-13.el6
  • php55-php-debuginfo-0:5.5.6-13.el7
  • php55-php-devel-0:5.5.6-13.el6
  • php55-php-devel-0:5.5.6-13.el7
  • php55-php-enchant-0:5.5.6-13.el6
  • php55-php-enchant-0:5.5.6-13.el7
  • php55-php-fpm-0:5.5.6-13.el6
  • php55-php-fpm-0:5.5.6-13.el7
  • php55-php-gd-0:5.5.6-13.el6
  • php55-php-gd-0:5.5.6-13.el7
  • php55-php-gmp-0:5.5.6-13.el6
  • php55-php-gmp-0:5.5.6-13.el7
  • php55-php-imap-0:5.5.6-13.el6
  • php55-php-intl-0:5.5.6-13.el6
  • php55-php-intl-0:5.5.6-13.el7
  • php55-php-ldap-0:5.5.6-13.el6
  • php55-php-ldap-0:5.5.6-13.el7
  • php55-php-mbstring-0:5.5.6-13.el6
  • php55-php-mbstring-0:5.5.6-13.el7
  • php55-php-mysqlnd-0:5.5.6-13.el6
  • php55-php-mysqlnd-0:5.5.6-13.el7
  • php55-php-odbc-0:5.5.6-13.el6
  • php55-php-odbc-0:5.5.6-13.el7
  • php55-php-opcache-0:5.5.6-13.el6
  • php55-php-opcache-0:5.5.6-13.el7
  • php55-php-pdo-0:5.5.6-13.el6
  • php55-php-pdo-0:5.5.6-13.el7
  • php55-php-pgsql-0:5.5.6-13.el6
  • php55-php-pgsql-0:5.5.6-13.el7
  • php55-php-process-0:5.5.6-13.el6
  • php55-php-process-0:5.5.6-13.el7
  • php55-php-pspell-0:5.5.6-13.el6
  • php55-php-pspell-0:5.5.6-13.el7
  • php55-php-recode-0:5.5.6-13.el6
  • php55-php-recode-0:5.5.6-13.el7
  • php55-php-snmp-0:5.5.6-13.el6
  • php55-php-snmp-0:5.5.6-13.el7
  • php55-php-soap-0:5.5.6-13.el6
  • php55-php-soap-0:5.5.6-13.el7
  • php55-php-tidy-0:5.5.6-13.el6
  • php55-php-xml-0:5.5.6-13.el6
  • php55-php-xml-0:5.5.6-13.el7
  • php55-php-xmlrpc-0:5.5.6-13.el6
  • php55-php-xmlrpc-0:5.5.6-13.el7
  • file-0:5.11-31.el7
  • file-debuginfo-0:5.11-31.el7
  • file-devel-0:5.11-31.el7
  • file-libs-0:5.11-31.el7
  • file-static-0:5.11-31.el7
  • python-magic-0:5.11-31.el7
  • file-0:5.04-30.el6
  • file-debuginfo-0:5.04-30.el6
  • file-devel-0:5.04-30.el6
  • file-libs-0:5.04-30.el6
  • file-static-0:5.04-30.el6
  • python-magic-0:5.04-30.el6