
Test ID: 1.3.6.1.4.1.25623.1.0.805446
Category: Web application abuses
Title: PHP 5.4.x < 5.4.37, 5.5.x < 5.5.21, 5.6.x < 5.6.5 Multiple Vulnerabilities (Feb 2015)
Summary: PHP is prone to multiple vulnerabilities.
Description:
Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2014-9652: Improper handling of a certain string-length field during a copy of a truncated
version of a Pascal string in the mconvert function in the softmagic.c file

- CVE-2014-9653: Uninitialized memory access in the readelf.c file

- CVE-2015-0231: Use after free vulnerability in the 'process_nested_data' function in
ext/standard/var_unserializer.re

- CVE-2015-0232: Uninitialized pointer free in the 'exif_process_unicode' function in
ext/exif/exif.c when parsing JPEG EXIF entries

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause a
denial of service or possibly execute arbitrary code via different crafted dimensions.

Affected Software/OS:
PHP versions 5.4.x before 5.4.37, 5.5.x before 5.5.21, and
5.6.x before 5.6.5.

Solution:
Update to PHP version 5.4.37, 5.5.21, 5.6.5 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-9652
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 72505
http://www.securityfocus.com/bid/72505
https://security.gentoo.org/glsa/201701-42
HP Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HP Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://openwall.com/lists/oss-security/2015/02/05/12
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
SuSE Security Announcement: SUSE-SU-2015:0424
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0436
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:0440
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9653
BugTraq ID: 72516
http://www.securityfocus.com/bid/72516
Debian Security Information: DSA-3196
http://www.debian.org/security/2015/dsa-3196
http://mx.gw.com/pipermail/file/2014/001649.html
http://openwall.com/lists/oss-security/2015/02/05/13
RedHat Security Advisories: RHSA-2016:0760
http://rhn.redhat.com/errata/RHSA-2016-0760.html
https://usn.ubuntu.com/3686-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-0231
BugTraq ID: 72539
http://www.securityfocus.com/bid/72539
Debian Security Information: DSA-3195
http://www.debian.org/security/2015/dsa-3195
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201606-10
HP Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HP Security Advisory: SSRT102066
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
SuSE Security Announcement: SUSE-SU-2015:0365
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0232
BugTraq ID: 72541
http://www.securityfocus.com/bid/72541
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.