English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.120224
Category:Amazon Linux Local Security Checks
Title:Amazon Linux: Security Advisory (ALAS-2015-534)
Summary:The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-534 advisory.
Description:Summary:
The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-534 advisory.

Vulnerability Insight:
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)

An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)

PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)

PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326)

Affected Software/OS:
'php54' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-2325
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
https://bugs.exim.org/show_bug.cgi?id=1591
https://fortiguard.com/zeroday/FG-VD-15-015
Common Vulnerability Exposure (CVE) ID: CVE-2015-2326
https://bugs.exim.org/show_bug.cgi?id=1592
https://fortiguard.com/zeroday/FG-VD-15-016
Common Vulnerability Exposure (CVE) ID: CVE-2015-4021
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 74700
http://www.securityfocus.com/bid/74700
Debian Security Information: DSA-3280 (Google Search)
http://www.debian.org/security/2015/dsa-3280
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
https://security.gentoo.org/glsa/201606-10
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
RedHat Security Advisories: RHSA-2015:1186
http://rhn.redhat.com/errata/RHSA-2015-1186.html
RedHat Security Advisories: RHSA-2015:1187
http://rhn.redhat.com/errata/RHSA-2015-1187.html
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
RedHat Security Advisories: RHSA-2015:1219
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securitytracker.com/id/1032433
SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4022
BugTraq ID: 74902
http://www.securityfocus.com/bid/74902
Common Vulnerability Exposure (CVE) ID: CVE-2015-4024
BugTraq ID: 74903
http://www.securityfocus.com/bid/74903
http://www.securitytracker.com/id/1032432
Common Vulnerability Exposure (CVE) ID: CVE-2015-4025
BugTraq ID: 74904
http://www.securityfocus.com/bid/74904
http://www.securitytracker.com/id/1032431
Common Vulnerability Exposure (CVE) ID: CVE-2015-4026
BugTraq ID: 75056
http://www.securityfocus.com/bid/75056
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.