Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.PHP_5_5_16.NASL
HistoryAug 27, 2014 - 12:00 a.m.

PHP 5.5.x < 5.5.16 Multiple Vulnerabilities

2014-08-2700:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
45
JSON

According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities :

  • LibGD contains a NULL pointer dereference flaw in its ‘gdImageCreateFromXpm’ function in the ‘gdxpm.c’ file.
    By using a specially crafted color mapping, a remote attacker could cause a denial of service.
    (CVE-2014-2497)

  • The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)

  • An integer overflow flaw exists in the ‘cdf.c’ file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

  • There are multiple buffer overflow flaws in the ‘dns.c’ file related to the ‘dns_get_record’ and ‘dn_expand’ functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

  • There exist multiple flaws in the GD component within the ‘gd_ctx.c’ file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
    (CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(77403);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2014-2497",
    "CVE-2014-3538",
    "CVE-2014-3587",
    "CVE-2014-3597",
    "CVE-2014-5120"
  );
  script_bugtraq_id(
    66233,
    66406,
    68348,
    69322,
    69325,
    69375
  );

  script_name(english:"PHP 5.5.x < 5.5.16 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote web server is running a version of
PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following
vulnerabilities :

  - LibGD contains a NULL pointer dereference flaw in its
    'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
    By using a specially crafted color mapping, a remote
    attacker could cause a denial of service.
    (CVE-2014-2497)

  - The original upstream patch for CVE-2013-7345 did not
    provide a complete solution. It is, therefore, still
    possible for a remote attacker to deploy a specially
    crafted input file to cause excessive resources to be
    used when trying to detect the file type using awk
    regular expression rules. This can cause a denial of
    service. (CVE-2014-3538)

  - An integer overflow flaw exists in the 'cdf.c' file. By
    using a specially crafted CDF file, a remote attacker
    could cause a denial of service. (CVE-2014-3587)

  - There are multiple buffer overflow flaws in the 'dns.c'
    file related to the 'dns_get_record' and 'dn_expand'
    functions. By using a specially crafted DNS record,
    a remote attacker could exploit these to cause a denial
    of service or execute arbitrary code. (CVE-2014-3597)

  - There exist multiple flaws in the GD component within
    the 'gd_ctx.c' file where user-supplied input is not
    properly validated to ensure that pathnames lack %00
    sequences. By using specially crafted input, a remote
    attacker could overwrite arbitrary files.
    (CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.5.16");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67730");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67705");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67717");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=66901");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67716");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.5.16 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3597");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);
php = get_php_from_kb(port:port, exit_on_fail:TRUE);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.5)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.5\.") audit(AUDIT_NOT_DETECT, "PHP version 5.5.x", port);

if (version =~ "^5\.5\.([0-9]|1[0-5])($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 5.5.16' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
VendorProductVersionCPE
phpphpcpe:/a:php:php

Related

nessus 51
securityvulns 7
slackware 2
openvas 47
debian 9
osv 4
oraclelinux 2
redhat 5
centos 3
amazon 6
veracode 8
prion 5
ubuntucve 6
debiancve 4
cvelist 6
cve 4
mageia 7
kitploit 1
ubuntu 3
f5 4
fedora 8
gentoo 1
checkpoint_advisories 2
seebug 2
ibm 2
nessus
nessus
Fedora 20 : php-5.5.16-1.fc20 (2014-9684)
2014-09-03 00:00:00
Fedora 19 : php-5.5.16-1.fc19 (2014-9679)
2014-09-03 00:00:00
PHP 5.4.x < 5.4.32 / 5.5.x < 5.5.16 Multiple Vulnerabilities
2014-08-28 00:00:00
securityvulns
securityvulns
PHP security vulnerabilities
2014-09-15 00:00:00
[USN-2344-1] PHP vulnerabilities
2014-09-15 00:00:00
[slackware-security] php &#40;SSA:2014-111-02&#41;
2014-05-04 00:00:00
slackware
slackware
[slackware-security] php
2014-09-04 22:00:56
[slackware-security] php
2014-04-21 21:13:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-247-01)
2022-04-21 00:00:00
PHP Multiple Vulnerabilities - 01 (Aug 2014)
2014-08-25 00:00:00
Debian: Security Advisory (DLA-67-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 67-1] php5 security update
2014-09-30 07:46:52
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-2] php5 regression update
2014-08-21 12:40:18
osv
osv
php5 - security update
2014-09-30 00:00:00
php5 - security update
2014-08-21 00:00:00
file - security update
2014-09-10 00:00:00
oraclelinux
oraclelinux
php security update
2014-09-30 00:00:00
php53 and php security update
2014-09-30 00:00:00
redhat
redhat
(RHSA-2014:1327) Moderate: php security update
2014-09-30 00:00:00
(RHSA-2014:1326) Moderate: php53 and php security update
2014-09-30 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
centos
centos
php security update
2014-09-30 10:59:18
php, php53 security update
2014-09-30 10:27:47
file, python security update
2016-05-16 10:13:44
amazon
amazon
Medium: php55
2014-09-18 21:03:00
Medium: php54
2014-05-21 10:40:00
Medium: file
2014-04-10 23:55:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:28
Authorization Bypass
2019-05-02 05:04:21
Denial Of Service (DoS)
2019-01-15 09:02:04
prion
prion
Design/Logic Flaw
2014-07-03 14:55:00
Design/Logic Flaw
2014-03-24 16:31:00
Code injection
2014-08-23 01:55:00
ubuntucve
ubuntucve
CVE-2013-7345
2014-03-24 00:00:00
CVE-2014-3538
2014-07-03 00:00:00
CVE-2014-5120
2014-08-23 00:00:00
debiancve
debiancve
CVE-2014-3538
2014-07-03 14:55:00
CVE-2013-7345
2014-03-24 16:31:00
CVE-2014-5120
2014-08-23 01:55:00
cvelist
cvelist
CVE-2014-3538
2014-07-03 14:00:00
CVE-2013-7345
2014-03-23 15:00:00
CVE-2014-5120
2014-08-23 01:00:00
cve
cve
CVE-2014-3538
2014-07-03 14:55:00
CVE-2013-7345
2014-03-24 16:31:00
CVE-2014-5120
2014-08-23 01:55:00
mageia
mageia
Updated file packages fix security vulnerability
2014-08-06 00:08:48
Updated php packages fix multiple security vulnerabilities
2014-09-05 13:07:37
Updated php packages fix security vulnerabilities
2014-08-08 15:23:49
kitploit
kitploit
Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
2019-05-21 21:17:00
ubuntu
ubuntu
PHP vulnerabilities
2014-09-10 00:00:00
file vulnerability
2014-10-03 00:00:00
file vulnerabilities
2014-07-15 00:00:00
f5
f5
K15761 : Multiple PHP 5.x vulnerabilities
2015-09-17 00:00:00
SOL15761 - Multiple PHP 5.x vulnerabilities
2014-10-30 00:00:00
K15303 : PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.16-1.fc20
2014-09-02 06:40:37
[SECURITY] Fedora 19 Update: php-5.5.16-1.fc19
2014-09-02 06:47:45
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
gentoo
gentoo
file: Denial of service
2014-08-26 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)
2014-10-26 00:00:00
PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)
2014-11-12 00:00:00
seebug
seebug
php-gd 'gdxpm.c'空指针拒绝服务漏洞
2014-03-17 00:00:00
PHP &quot;gdImageCreateFromXpm()&quot;空指针间接引用漏洞
2014-03-19 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
JSON
Related for PHP_5_5_16.NASL
nessus51securityvulns7slackware2openvas47debian9osv4oraclelinux2redhat5centos3amazon6veracode8prion5ubuntucve6debiancve4cvelist6cve4mageia7kitploit1ubuntu3f54fedora8gentoo1checkpoint_advisories2seebug2ibm2