Gentoo update for PHP
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2014-3710 CVE-2014-8142 CVE-2014-9425 CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 |
| CWE-ID | CWE-125 CWE-416 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU3892
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3710
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.
Update the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU16100
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2014-8142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4. A remote attacker can trigger memory corruption via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object and execute arbitrary code. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Input validation error
EUVDB-ID: #VU40984
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-9425
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationUpdate the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU16102
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-9427
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to out-of-bounds read when sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character. A remote attacker can obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
MitigationUpdate the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU16101
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-0231
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to гse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5. A remote attacker can trigger memory corruption via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an objecе. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Improper input validation
EUVDB-ID: #VU16104
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-0232
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to an error in the exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5. A remote attacker can trigger uninitialized pointer free via crafted EXIF data in a JPEG image and cause the service to crash or execute arbitrary code.
Update the affected packages.
dev-lang/php to version: 5.5.21
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201503-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
