ID F5:K15635 Type f5 Reporter f5 Modified 2016-01-09T02:19:00
Description
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. (CVE-2012-1171)
Impact
None. No F5 products are affected by this vulnerability.
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.
{"title": "PHP 5.x vulnerability - CVE-2012-1171", "published": "2014-09-30T01:26:00", "references": [], "type": "f5", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1171"]}, {"type": "f5", "idList": ["SOL15635"]}, {"type": "seebug", "idList": ["SSV:61505"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804241"]}, {"type": "nessus", "idList": ["PHP_RSHUTDOWN_OPEN_BASEDIR_BYPASS.NASL"]}], "modified": "2017-10-12T02:11:04"}, "vulnersScore": 5.0}, "cvelist": ["CVE-2012-1171"], "viewCount": 2, "affectedSoftware": [], "hash": "53eb1bdb8531b32c27f1bebae150f1b993ceca26232b6edcb30643f075d607e1", "id": "F5:K15635", "modified": "2016-01-09T02:19:00", "history": [], "href": "https://support.f5.com/csp/article/K15635", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "c3254ac4a14f842b43f0d9f7ebc406a6", "key": "cvelist"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "e85cc4b8088a114b7449b1a9aaa36db4", "key": "description"}, {"hash": "e5dad622b782f6ad901d2f484d61c047", "key": "href"}, {"hash": "de96c7fd6a6fb79bc5ce81e17428a66d", "key": "modified"}, {"hash": "b23db6886a276488e7f9cb365f25e664", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "reporter"}, {"hash": "c488716e08e9a902725b72c37e4f456e", "key": "title"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "type"}], "objectVersion": "1.3", "edition": 1, "description": " \n\n\nThe libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. ([CVE-2012-1171](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1171>)) \n\n\nImpact \n\n\nNone. No F5 products are affected by this vulnerability. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "bulletinFamily": "software", "reporter": "f5", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "lastseen": "2017-10-12T02:11:04"}
{"cve": [{"lastseen": "2016-09-03T16:20:54", "bulletinFamily": "NVD", "description": "The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.", "modified": "2014-02-18T13:57:53", "published": "2014-02-15T09:57:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1171", "id": "CVE-2012-1171", "title": "CVE-2012-1171", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "f5": [{"lastseen": "2016-11-09T00:09:43", "bulletinFamily": "software", "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-09-29T00:00:00", "published": "2014-09-29T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15635.html", "id": "SOL15635", "title": "SOL15635 - PHP 5.x vulnerability - CVE-2012-1171", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:39:00", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 65673\r\nCVE(CAN) ID: CVE-2012-1171\r\n\r\nPHP\u662f\u4e00\u79cdHTML\u5185\u5d4c\u5f0f\u7684\u8bed\u8a00\u3002\r\n\r\nPHP 5.x\u7248\u672c\u5185\u7684libxml RSHUTDOWN\u51fd\u6570\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u7528\u81ea\u5b9a\u4e49\u6d41\u5c01\u88c5\u5668\u65f6\u8c03\u7528stream_close\u65b9\u6cd5\uff0c\u7ed5\u8fc7open_basedir\u4fdd\u62a4\u673a\u5236\uff0c\u8bfb\u53d6\u654f\u611f\u6587\u4ef6\u3002\r\n0\r\nPHP PHP 5.5.x\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.php.net/downloads.php\r\nhttp://git.php.net/?p=php-src.git;a=commitdiff;h=8f4a5373bb71590352fd934028d6dde5bc18530b", "modified": "2014-02-21T00:00:00", "published": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61505", "id": "SSV:61505", "type": "seebug", "title": "PHP libxml RSHUTDOWN\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2012-1171)", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:21:00", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to 5.4.1 and thus, is potentially affected by a security bypass vulnerability.\n\nAn error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the 'stream_close' method that could allow a remote attacker to bypass 'open_basedir' protections and obtain sensitive information.\n\nNote that this plugin has not attempted to exploit this issue, but has instead relied only on PHP's self-reported version number.", "modified": "2018-07-24T00:00:00", "id": "PHP_RSHUTDOWN_OPEN_BASEDIR_BYPASS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73289", "published": "2014-04-01T00:00:00", "title": "PHP PHP_RSHUTDOWN_FUNCTION Security Bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73289);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/24 18:56:10\");\n\n script_cve_id(\"CVE-2012-1171\");\n script_bugtraq_id(65673);\n\n script_name(english:\"PHP PHP_RSHUTDOWN_FUNCTION Security Bypass\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is potentially\naffected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.x installed on the\nremote host is 5.x prior to 5.3.11 or 5.4.x prior to 5.4.1 and thus,\nis potentially affected by a security bypass vulnerability.\n\nAn error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in\nthe libxml extension and the 'stream_close' method that could allow a\nremote attacker to bypass 'open_basedir' protections and obtain\nsensitive information.\n\nNote that this plugin has not attempted to exploit this issue, but has\ninstead relied only on PHP's self-reported version number.\");\n # https://github.com/php/php-src/commit/167e2fd78224887144496cdec2089cd5b2f3312d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcc428c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=61367\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PHP version 5.3.11 / 5.4.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.[34])?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.[01234]($|[^0-9])\") audit(AUDIT_NOT_DETECT, \"PHP version 5.0.x - 5.4.x\", port);\n\n# Affected\n# 5.0.x through 5.2.x\n# 5.3.x < 5.3.11\n# 5.4.x < 5.4.1\nif (\n version =~ \"^5\\.[012]($|[^0-9])\" ||\n version =~ \"^5\\.3\\.([0-9]|10)($|[^0-9])\" ||\n version =~ \"^5\\.4\\.0($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.11 / 5.4.1\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-10-22T16:40:43", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone to security bypass\n vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-02-19T00:00:00", "id": "OPENVAS:1361412562310804241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804241", "title": "PHP 'open_basedir' Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_open_basedir_security_bypass_vuln.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# PHP 'open_basedir' Security Bypass Vulnerability\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804241\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2012-1171\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-19 16:40:59 +0530 (Wed, 19 Feb 2014)\");\n script_name(\"PHP 'open_basedir' Security Bypass Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to security bypass\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is in libxml RSHUTDOWN function which allows to bypass open_basedir\n protection mechanism through stream_close method call.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to read arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"PHP versions 5.x.0 to 5.0.5, 5.1.0 to 5.1.6, 5.2.0 to 5.2.17, 5.3.0 to\n 5.3.27, 5.4.0 to 5.4.23 and 5.5.0 to 5.5.6.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year\n since the disclosure of this vulnerability. Likely none will be provided anymore.\n General solution options are to upgrade to a newer release, disable respective\n features, remove the product or replace the product by another one.\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=802591\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_in_range(version:phpVer, test_version:\"5.0.0\", test_version2:\"5.0.5\") ||\n version_in_range(version:phpVer, test_version:\"5.1.0\", test_version2:\"5.1.6\") ||\n version_in_range(version:phpVer, test_version:\"5.2.0\", test_version2:\"5.2.17\") ||\n version_in_range(version:phpVer, test_version:\"5.3.0\", test_version2:\"5.3.27\") ||\n version_in_range(version:phpVer, test_version:\"5.4.0\", test_version2:\"5.4.23\") ||\n version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.6\")) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"N/A\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
