Vulnerabilities > CVE-2014-9425
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id PHP_5_6_5.NASL description According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.5. It is, therefore, affected by multiple vulnerabilities: - A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine could allow a remote attacker to cause a denial of service. (CVE-2014-9425) - An out-of-bounds read flaw in file last seen 2020-06-01 modified 2020-06-02 plugin id 81082 published 2015-01-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81082 title PHP 5.6.x < 5.6.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(81082); script_version("1.18"); script_cvs_date("Date: 2019/03/27 13:17:50"); script_cve_id( "CVE-2014-9425", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232" ); script_bugtraq_id( 71800, 71833, 72505, 72539, 72541, 73306 ); script_name(english:"PHP 5.6.x < 5.6.5 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.5. It is, therefore, affected by multiple vulnerabilities: - A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine could allow a remote attacker to cause a denial of service. (CVE-2014-9425) - An out-of-bounds read flaw in file 'cgi_main.c' exists when nmap is used to process an invalid file that begins with a hash character (#) but lacks a newline character. A remote attacker, using a specially crafted PHP file, can exploit this vulnerability to disclose memory contents, cause a denial of service, or possibly execute code. (CVE-2014-9427) - The mconvert function in softmagic.c does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which could allow a remote attacker to cause a denial of service. (CVE-2014-9652) - An out-of-bounds read issue exists in the GetCode_() function in 'gd_gif_in.c'. This allows a remote attacker to disclose memory contents. (CVE-2014-9709) - A use-after-free memory error exists in the process_nested_data() function in 'var_unserializer.re' due to improper handling of duplicate numerical keys within the serialized properties of an object. A remote attacker, using a crafted unserialize method call, can exploit this vulnerability to execute arbitrary code. (CVE-2015-0231) - A flaw exists in the exif_process_unicode() function in 'exif.c' that allows freeing an uninitialized pointer. A remote attacker, using specially crafted EXIF data in a JPEG image, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-0232) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.5"); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68618"); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68710"); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68799"); script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.6.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0231"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/17"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/29"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port); if (version =~ "^5\.6\.[0-4]$") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version + '\n Fixed version : 5.6.5' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1218.NASL description From Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84659 published 2015-07-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84659 title Oracle Linux 6 : php (ELSA-2015-1218) NASL family Scientific Linux Local Security Checks NASL id SL_20150709_PHP_ON_SL6_X.NASL description A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-03-18 modified 2015-07-13 plugin id 84661 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84661 title Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709) NASL family MacOS X Local Security Checks NASL id MACOSX_10_11.NASL description The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 86270 published 2015-10-05 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86270 title Mac OS X < 10.11 Multiple Vulnerabilities (GHOST) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-080.NASL description Multiple vulnerabilities has been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file last seen 2020-06-01 modified 2020-06-02 plugin id 82333 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82333 title Mandriva Linux Security Advisory : php (MDVSA-2015:080) NASL family CGI abuses NASL id PHP_5_5_21.NASL description According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.21. It is, therefore, affected by multiple vulnerabilities: - A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine could allow a remote attacker to cause a denial of service. (CVE-2014-9425) - An out-of-bounds read flaw in file last seen 2020-06-01 modified 2020-06-02 plugin id 81081 published 2015-01-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81081 title PHP 5.5.x < 5.5.21 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201503-03.NASL description The remote host is affected by the vulnerability described in GLSA-201503-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can leverage these vulnerabilities to execute arbitrary code or cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81688 published 2015-03-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81688 title GLSA-201503-03 : PHP: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1218.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84660 published 2015-07-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84660 title RHEL 6 : php (RHSA-2015:1218) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10804.NASL description According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version : - An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 102079 published 2017-07-31 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102079 title Juniper Junos PHP multiple vulnerabilities (JSA10804) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1218.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84648 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84648 title CentOS 6 : php (CESA-2015:1218)
Redhat
advisories |
| ||||
rpms |
|
References
- http://openwall.com/lists/oss-security/2014/12/29/6
- https://bugs.php.net/bug.php?id=68676
- http://advisories.mageia.org/MGASA-2015-0040.html
- https://support.apple.com/HT205267
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securityfocus.com/bid/71800
- https://security.gentoo.org/glsa/201503-03
- http://rhn.redhat.com/errata/RHSA-2015-1218.html
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e