Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871219
Category:Red Hat Local Security Checks
Title:RedHat Update for php RHSA-2014:1013-01
Summary:The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'php'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

A denial of service flaw was found in the File Information (fileinfo)
extension rules for detecting AWK files. A remote attacker could use this
flaw to cause a PHP application using fileinfo to consume an excessive
amount of CPU. (CVE-2013-7345)

Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso
of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Affected Software/OS:
php on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-7345
Debian Security Information: DSA-2873 (Google Search)
http://www.debian.org/security/2014/dsa-2873
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0207
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 68243
http://www.securityfocus.com/bid/68243
Debian Security Information: DSA-2974 (Google Search)
http://www.debian.org/security/2014/dsa-2974
Debian Security Information: DSA-3021 (Google Search)
http://www.debian.org/security/2014/dsa-3021
HPdes Security Advisory: HPSBUX03102
http://marc.info/?l=bugtraq&m=141017844705317&w=2
HPdes Security Advisory: SSRT101681
http://mx.gw.com/pipermail/file/2014/001553.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59794
http://secunia.com/advisories/59831
SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0237
BugTraq ID: 67759
http://www.securityfocus.com/bid/67759
http://secunia.com/advisories/59061
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/60998
SuSE Security Announcement: SUSE-SU-2014:0869 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0238
BugTraq ID: 67765
http://www.securityfocus.com/bid/67765
Common Vulnerability Exposure (CVE) ID: CVE-2014-3479
BugTraq ID: 68241
http://www.securityfocus.com/bid/68241
Common Vulnerability Exposure (CVE) ID: CVE-2014-3480
BugTraq ID: 68238
http://www.securityfocus.com/bid/68238
Common Vulnerability Exposure (CVE) ID: CVE-2014-3487
BugTraq ID: 68120
http://www.securityfocus.com/bid/68120
Common Vulnerability Exposure (CVE) ID: CVE-2014-3515
BugTraq ID: 68237
http://www.securityfocus.com/bid/68237
Common Vulnerability Exposure (CVE) ID: CVE-2014-4049
BugTraq ID: 68007
http://www.securityfocus.com/bid/68007
Debian Security Information: DSA-2961 (Google Search)
http://www.debian.org/security/2014/dsa-2961
http://www.openwall.com/lists/oss-security/2014/06/13/4
http://www.securitytracker.com/id/1030435
http://secunia.com/advisories/59270
http://secunia.com/advisories/59496
http://secunia.com/advisories/59513
http://secunia.com/advisories/59652
SuSE Security Announcement: SUSE-SU-2014:0868 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
SuSE Security Announcement: openSUSE-SU-2014:0841 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2014:0942 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4721
http://twitter.com/mikispag/statuses/485713462258302976
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
http://secunia.com/advisories/54553
SuSE Security Announcement: openSUSE-SU-2014:0945 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.