SB2014071704 - Type Confusion in php (Alpine package)
Published: July 17, 2014
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Type Confusion (CVE-ID: CVE-2014-4721)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a type confusion error when the phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables. A local attacker can use the integer data type with crafted values, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php and obtain sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=ca28f9f2b2d71543d8afa49b6568e61fd8b6513c
- https://git.alpinelinux.org/aports/commit/?id=8532bf89eef0b45719c695ca28fb3d1edf74dfc3
- https://git.alpinelinux.org/aports/commit/?id=9a7aacbfe4b33c0a6622963074c4875275960e95
- https://git.alpinelinux.org/aports/commit/?id=d07eb25516cc54067c06cb80e93cfd50471209ac