Ubuntu update for PHP
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-2270 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
php5 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU16082
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2014-2270
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to out-of-bounds read error in softmagic.c in file before 5.17 and libmagic. A remote attacker can trigger out-of-bounds read error via crafted offsets in the softmagic of a PE executable and cause the service to crash.
MitigationUpdate the affected packages.
- Ubuntu 13.10:
- php5-cli 5.5.3+dfsg-1ubuntu2.3
- php5-cgi 5.5.3+dfsg-1ubuntu2.3
- libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.3
- Ubuntu 12.10:
- php5-cli 5.4.6-1ubuntu1.8
- php5-cgi 5.4.6-1ubuntu1.8
- libapache2-mod-php5 5.4.6-1ubuntu1.8
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.11
- php5-cgi 5.3.10-1ubuntu3.11
- libapache2-mod-php5 5.3.10-1ubuntu3.11
- Ubuntu 10.04 LTS:
- php5-cli 5.3.2-1ubuntu4.24
- php5-cgi 5.3.2-1ubuntu4.24
- libapache2-mod-php5 5.3.2-1ubuntu4.24
php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.10
External linkshttp://www.ubuntu.com/usn/usn-2163-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
