PHP 5.4.x < 5.4.38 / 5.5.x < 5.5.22 / 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)

2015-04-09T00:00:00
ID 8677.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

Versions of PHP 5.4.x earlier than 5.4.38, 5.5.x earlier than 5.5.22, or 5.6.x earlier than 5.6.6 are exposed to the following issues :

  • A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (GHOST) (Bug 68925 / CVE-2015-0235)

  • A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (Bug 68942 / CVE-2015-0273)

  • A use-after-free flaw exists in the function 'phar_rename_archive' in the source file 'phar_object.c'. An attacker can cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. (Bug 68901 / CVE-2015-2301)

  • A heap-based buffer overflow flaw affects the 'enchant_broker_request_dict' function in the source file 'ext/enchant/enchant.c'. This allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. (Bug 68552 / CVE-2014-9705)

                                        
                                            Binary data 8677.prm