Vulnerabilities > CVE-2015-4021 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-396.NASL description php5 was updated to fix four security issues. The following vulnerabilities were fixed : - CVE-2015-4024: Multipart/form-data remote dos Vulnerability (bnc#931421) - CVE-2015-4026: pcntl_exec() does not check path validity (bnc#931776) - CVE-2015-4022: overflow in ftp_genlist() resulting in heap overflow (bnc#931772) - CVE-2015-4021: memory corruption in phar_parse_tarfile when entry filename starts with NULL (bnc#931769) last seen 2020-06-05 modified 2015-06-04 plugin id 83983 published 2015-06-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83983 title openSUSE Security Update : php5 (openSUSE-2015-396) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8370.NASL description 14 May 2015, **PHP 5.5.25** **Core:** - Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas) - Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas) - Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas) - Fixed bug #69522 (heap buffer overflow in unpack()). (Stas) - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) - Fixed bug #60022 ( last seen 2020-06-05 modified 2015-05-29 plugin id 83895 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83895 title Fedora 20 : php-5.5.25-1.fc20 (2015-8370) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2658-1.NASL description Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021) Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643) Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147) Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148) Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603) It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605) It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84563 published 2015-07-07 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84563 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1) NASL family CGI abuses NASL id PHP_5_4_41.NASL description According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the last seen 2020-06-01 modified 2020-06-02 plugin id 83517 published 2015-05-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83517 title PHP 5.4.x < 5.4.41 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201606-10.NASL description The remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 91704 published 2016-06-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91704 title GLSA-201606-10 : PHP: Multiple vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1544.NASL description According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 124997 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124997 title EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1218.NASL description From Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84659 published 2015-07-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84659 title Oracle Linux 6 : php (ELSA-2015-1218) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1135.NASL description From Red Hat Security Advisory 2015:1135 : Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84351 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84351 title Oracle Linux 7 : php (ELSA-2015-1135) NASL family Scientific Linux Local Security Checks NASL id SL_20150709_PHP_ON_SL6_X.NASL description A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-03-18 modified 2015-07-13 plugin id 84661 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84661 title Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709) NASL family CGI abuses NASL id PHP_5_6_9.NASL description According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the last seen 2020-06-01 modified 2020-06-02 plugin id 83519 published 2015-05-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83519 title PHP 5.6.x < 5.6.9 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1135.NASL description Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84355 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84355 title RHEL 7 : php (RHSA-2015:1135) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1135.NASL description Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84345 published 2015-06-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84345 title CentOS 7 : php (CESA-2015:1135) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1638-1.NASL description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don last seen 2020-06-01 modified 2020-06-02 plugin id 93161 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93161 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-534.NASL description An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 83973 published 2015-06-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83973 title Amazon Linux AMI : php54 (ALAS-2015-534) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1253-1.NASL description This security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. - CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow. - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. - CVE-2015-4148 [bnc#933227]: Fixed SoapClient last seen 2020-03-24 modified 2019-01-02 plugin id 119968 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119968 title SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-536.NASL description An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 83975 published 2015-06-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83975 title Amazon Linux AMI : php56 (ALAS-2015-536) NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_5.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 85408 published 2015-08-17 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85408 title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1218.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84660 published 2015-07-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84660 title RHEL 6 : php (RHSA-2015:1218) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-006.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 85409 published 2015-08-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85409 title Mac OS X Multiple Vulnerabilities (Security Update 2015-006) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8281.NASL description 14 May 2015, **PHP 5.6.9** Core : - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) - Fixed bug #60022 ( last seen 2020-06-05 modified 2015-05-27 plugin id 83835 published 2015-05-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83835 title Fedora 22 : php-5.6.9-1.fc22 (2015-8281) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_31DE2E1300D211E5A072D050996490D0.NASL description PHP development team reports : Fixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability). (CVE-2015-4024) Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025) Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022) Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026) Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021) last seen 2020-06-01 modified 2020-06-02 plugin id 83792 published 2015-05-26 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83792 title FreeBSD : php -- multiple vulnerabilities (31de2e13-00d2-11e5-a072-d050996490d0) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-307.NASL description - CVE-2015-3307 The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) - CVE-2015-4021 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. - CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a last seen 2020-03-17 modified 2015-09-08 plugin id 85808 published 2015-09-08 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85808 title Debian DLA-307-1 : php5 security update NASL family Scientific Linux Local Security Checks NASL id SL_20150623_PHP_ON_SL7_X.NASL description A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-03-18 modified 2015-06-25 plugin id 84394 published 2015-06-25 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84394 title Scientific Linux Security Update : php on SL7.x x86_64 (20150623) NASL family Misc. NASL id SECURITYCENTER_PHP_5_4_41.NASL description The SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities : - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the last seen 2020-06-01 modified 2020-06-02 plugin id 85566 published 2015-08-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85566 title Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-535.NASL description An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP last seen 2020-06-01 modified 2020-06-02 plugin id 83974 published 2015-06-04 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83974 title Amazon Linux AMI : php55 (ALAS-2015-535) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3280.NASL description Multiple vulnerabilities have been discovered in PHP : - CVE-2015-4025 / CVE-2015-4026 Multiple function didn last seen 2020-06-01 modified 2020-06-02 plugin id 84025 published 2015-06-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84025 title Debian DSA-3280-1 : php5 - security update NASL family CGI abuses NASL id PHP_5_5_25.NASL description According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities : - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive. (CVE-2015-4021) - An integer overflow condition exists in the ftp_genlist() function in ftp.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possible remote code execution. (CVE-2015-4022) - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the last seen 2020-06-01 modified 2020-06-02 plugin id 83518 published 2015-05-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83518 title PHP 5.5.x < 5.5.25 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1018-1.NASL description PHP 5.3 was updated to fix multiple security issues : bnc#931776: pcntl_exec() does not check path validity (CVE-2015-4026) bnc#931772: overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4022) bnc#931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021) bnc#931421: multipart/form-data remote denial-of-service vulnerability (CVE-2015-4024) bnc#928511: buffer over-read in unserialize when parsing Phar (CVE-2015-2783) bnc#928506: buffer over flow when parsing tar/zip/phar in phar_set_inode() (CVE-2015-3329) bnc#925109: SoapClient last seen 2020-06-01 modified 2020-06-02 plugin id 84082 published 2015-06-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84082 title SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-8383.NASL description 14 May 2015, **PHP 5.6.9** Core : - Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) - Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) - Fixed bug #60022 ( last seen 2020-06-05 modified 2015-05-29 plugin id 83896 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83896 title Fedora 21 : php-5.6.9-1.fc21 (2015-8383) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1218.NASL description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP last seen 2020-06-01 modified 2020-06-02 plugin id 84648 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84648 title CentOS 6 : php (CESA-2015:1218) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-162-02.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84127 published 2015-06-12 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84127 title Slackware 14.0 / 14.1 / current : php (SSA:2015-162-02)
Redhat
advisories |
| ||||||||||||||||||||
rpms |
|
References
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2015-1135.html
- http://rhn.redhat.com/errata/RHSA-2015-1186.html
- http://rhn.redhat.com/errata/RHSA-2015-1187.html
- http://rhn.redhat.com/errata/RHSA-2015-1218.html
- http://rhn.redhat.com/errata/RHSA-2015-1219.html
- http://www.debian.org/security/2015/dsa-3280
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/74700
- http://www.securitytracker.com/id/1032433
- https://bugs.php.net/bug.php?id=69453
- https://security.gentoo.org/glsa/201606-10
- https://support.apple.com/kb/HT205031