 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.890875 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DLA-875-1) |
| Summary: | The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-875-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-875-1 advisory. Vulnerability Insight: Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-7478 Zend/zend_exceptions.c in PHP allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. CVE-2016-7479 During the unserialization process, resizing the properties hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain the ability of arbitrary code execution. Even though the property table issue only affects PHP 7 this change also prevents a wide range of other __wakeup() based attacks. CVE-2017-7272 The fsockopen() function will use the port number which is defined in hostname instead of the port number passed to the second parameter of the function. This misbehavior may introduce another attack vector for an already known application vulnerability (e.g. Server Side Request Forgery). For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u8. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'php5' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7478 BugTraq ID: 95150 http://www.securityfocus.com/bid/95150 http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf https://bugs.php.net/bug.php?id=73093 https://www.youtube.com/watch?v=LDcaPstAuPk Common Vulnerability Exposure (CVE) ID: CVE-2016-7479 BugTraq ID: 95151 http://www.securityfocus.com/bid/95151 https://bugs.php.net/bug.php?id=73092 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2017-7272 BugTraq ID: 97178 http://www.securityfocus.com/bid/97178 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt http://www.securitytracker.com/id/1038158 |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |