Vulnerabilities > CVE-2014-4698 - Unspecified vulnerability in PHP
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN php
nessus
Summary
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-MOD_PHP53-140720.NASL description PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to last seen 2020-06-05 modified 2014-07-30 plugin id 76909 published 2014-07-30 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76909 title SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(76909); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721"); script_name(english:"SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage. (CVE-2014-3515) - The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. (CVE-2014-0207) - Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. (CVE-2014-3478) - The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP relied on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. (CVE-2014-3479) - The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3480) - The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3487) - Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. (CVE-2014-4670) - Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. (CVE-2014-4698) - The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. (CVE-2014-4721)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884987" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884990" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=884992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=885961" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=886059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=886060" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0207.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3478.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3479.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3480.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3487.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4670.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4698.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4721.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9537."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:php53-zlib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLES11", sp:3, reference:"apache2-mod_php53-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-bcmath-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-bz2-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-calendar-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ctype-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-curl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-dba-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-dom-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-exif-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-fastcgi-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-fileinfo-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ftp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gd-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gettext-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-gmp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-iconv-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-intl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-json-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-ldap-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mbstring-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mcrypt-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-mysql-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-odbc-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-openssl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pcntl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pdo-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pear-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pgsql-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-pspell-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-shmop-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-snmp-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-soap-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-suhosin-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvmsg-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvsem-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-sysvshm-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-tokenizer-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-wddx-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlreader-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlrpc-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xmlwriter-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-xsl-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-zip-5.3.17-0.27.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"php53-zlib-5.3.17-0.27.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-080.NASL description Multiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file last seen 2020-06-01 modified 2020-06-02 plugin id 82333 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82333 title Mandriva Linux Security Advisory : php (MDVSA-2015:080) NASL family CGI abuses NASL id PHP_5_6_0.NASL description According to its banner, the version of PHP installed on the remote host is a development version of 5.6.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit this issue but has instead relied only on application last seen 2020-06-01 modified 2020-06-02 plugin id 78556 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78556 title PHP 5.6.0 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1638-1.NASL description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don last seen 2020-06-01 modified 2020-06-02 plugin id 93161 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93161 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) NASL family CGI abuses NASL id PHP_5_5_15.NASL description According to its banner, the version of PHP 5.5.x in use on the remote web server is a version prior to 5.5.15. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the file last seen 2020-06-01 modified 2020-06-02 plugin id 76772 published 2014-07-25 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76772 title PHP 5.5.x < 5.5.15 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-004.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82700 published 2015-04-10 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82700 title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) NASL family Scientific Linux Local Security Checks NASL id SL_20140930_PHP53_AND_PHP_ON_SL5_X.NASL description It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP last seen 2020-03-18 modified 2014-10-14 plugin id 78419 published 2014-10-14 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78419 title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1326.NASL description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 77995 published 2014-10-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77995 title CentOS 5 / 6 : php / php53 (CESA-2014:1326) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1327.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 78009 published 2014-10-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78009 title RHEL 7 : php (RHSA-2014:1327) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1326.NASL description From Red Hat Security Advisory 2014:1326 : Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 78004 published 2014-10-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78004 title Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1326) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1327.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 77996 published 2014-10-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77996 title CentOS 7 : php (CESA-2014:1327) NASL family SuSE Local Security Checks NASL id SUSE_12_3_OPENSUSE-2014--140721.NASL description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. last seen 2017-10-29 modified 2014-08-08 plugin id 76929 published 2014-07-31 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=76929 title openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1) NASL family SuSE Local Security Checks NASL id SUSE_13_1_OPENSUSE-2014--140721.NASL description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. last seen 2017-10-29 modified 2014-08-08 plugin id 76932 published 2014-07-31 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=76932 title openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1327.NASL description From Red Hat Security Advisory 2014:1327 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 78005 published 2014-10-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78005 title Oracle Linux 7 : php (ELSA-2014-1327) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-247-01.NASL description New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77543 published 2014-09-05 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77543 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-247-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1326.NASL description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP last seen 2020-06-01 modified 2020-06-02 plugin id 77980 published 2014-09-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77980 title RHEL 5 / 6 : php53 and php (RHSA-2014:1326) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-471.NASL description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a last seen 2020-06-05 modified 2014-08-01 plugin id 76957 published 2014-08-01 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76957 title openSUSE Security Update : php5 (openSUSE-2014-471) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-149.NASL description Multiple vulnerabilities has been discovered and corrected in php : Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698). Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The updated php packages have been upgraded to the 5.5.15 version and patched to resolve these security flaws. Additionally, the jsonc extension has been upgraded to the 1.3.6 version and the PECL packages which requires so has been rebuilt for php-5.5.15. last seen 2020-06-01 modified 2020-06-02 plugin id 77037 published 2014-08-07 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77037 title Mandriva Linux Security Advisory : php (MDVSA-2014:149) NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_3.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82699 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82699 title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2276-1.NASL description Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. (CVE-2014-3515) It was discovered that PHP incorrectly handled certain SPL Iterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4670) It was discovered that PHP incorrectly handled certain ArrayIterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4698) Stefan Esser discovered that PHP incorrectly handled variable types when calling phpinfo(). An attacker could use this issue to possibly gain access to arbitrary memory, possibly containing sensitive information. (CVE-2014-4721). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 76451 published 2014-07-10 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76451 title Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1) NASL family CGI abuses NASL id PHP_5_4_32.NASL description According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its last seen 2020-06-01 modified 2020-06-02 plugin id 77402 published 2014-08-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77402 title PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugs.php.net/bug.php?id=67539
- http://secunia.com/advisories/59831
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
- http://rhn.redhat.com/errata/RHSA-2014-1327.html
- http://rhn.redhat.com/errata/RHSA-2014-1326.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
- https://support.apple.com/HT204659
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21683486
- http://secunia.com/advisories/54553