Multiple vulnerabilities in PHP



Updated: 2025-06-08
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2016-2116, CVE-2008-5557, CVE-2008-2829, CVE-2008-2665
CWE-ID: CWE-401, CWE-122, CWE-119, CWE-22
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
jasper (Alpine package) - Operating systems & Components / Operating system package or component
PHP - Universal components / Libraries / Scripting languages
Vendor: Alpine Linux Development Team, PHP Group
Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU33253

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2116

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier. A remote attacker can cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

jasper (Alpine package): 1.900.1-r11 - 1.900.1-r12

External links

https://git.alpinelinux.org/aports/commit/?id=9d20dfb4b70c35a10a26afd2ddfb7f487ee2eeb9
https://git.alpinelinux.org/aports/commit/?id=5cb610fc7996f6d7ddcdffd54f62c2adc184be7a
https://git.alpinelinux.org/aports/commit/?id=e8da5230ad1d093c3862cca920ceec95b812f23d
https://git.alpinelinux.org/aports/commit/?id=81be3fe3c463ee04af98ce512eeb4953800941b9
https://git.alpinelinux.org/aports/commit/?id=aad6049e893525da6da4ffa07329f4fe1377b55c
https://git.alpinelinux.org/aports/commit/?id=0d073f6c289592065b773cef9b13f0559dd4d58e
https://git.alpinelinux.org/aports/commit/?id=244e4d797e740c7fedf8e3e9df9d9d85859b11b4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU110332

Risk: High

CVSSv4.0: N/A

CVE-ID: CVE-2008-5557

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6. A remote attacker can use a crafted string containing an HTML entity to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 4.3 - 5.2.6

External links

https://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
https://bugs.php.net/bug.php?id=45722
https://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
https://marc.info/?l=bugtraq&m=124654546101607&w=2
https://marc.info/?l=bugtraq&m=125631037611762&w=2
https://secunia.com/advisories/34642
https://secunia.com/advisories/35003
https://secunia.com/advisories/35074
https://secunia.com/advisories/35306
https://secunia.com/advisories/35650
https://securitytracker.com/id?1021482
https://support.apple.com/kb/HT3549
https://wiki.rpath.com/Advisories:rPSA-2009-0035
https://www.debian.org/security/2009/dsa-1789
https://www.mandriva.com/security/advisories?name=MDVSA-2009:045
https://www.php.net/ChangeLog-5.php#5.2.7
https://www.redhat.com/support/errata/RHSA-2009-0350.html
https://www.securityfocus.com/archive/1/501376/100/0/threaded
https://www.securityfocus.com/bid/32948
https://www.us-cert.gov/cas/techalerts/TA09-133A.html
https://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/47525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU110341

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2008-2829

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.5 - 5.2.6

External links

https://bugs.php.net/bug.php?id=42862
https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
https://marc.info/?l=bugtraq&m=124654546101607&w=2
https://marc.info/?l=bugtraq&m=125631037611762&w=2
https://osvdb.org/46641
https://secunia.com/advisories/31200
https://secunia.com/advisories/32746
https://secunia.com/advisories/35074
https://secunia.com/advisories/35306
https://secunia.com/advisories/35650
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://support.apple.com/kb/HT3549
https://wiki.rpath.com/Advisories:rPSA-2009-0035
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.mandriva.com/security/advisories?name=MDVSA-2008:128
https://www.openwall.com/lists/oss-security/2008/06/19/6
https://www.openwall.com/lists/oss-security/2008/06/24/2
https://www.securityfocus.com/archive/1/501376/100/0/threaded
https://www.securityfocus.com/bid/29829
https://www.ubuntu.com/usn/usn-628-1
https://www.us-cert.gov/cas/techalerts/TA09-133A.html
https://www.vupen.com/english/advisories/2009/1297
https://bugs.gentoo.org/show_bug.cgi?id=221969
https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Path traversal

EUVDB-ID: #VU110342

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2008-2665

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the posix_access function in PHP 5.2.6 and earlier. A remote authenticated attacker can send a specially crafted HTTP request to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
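The ordering flaw described above (policy check first, canonicalization afterwards), reduced to a path-prefix policy as an added example. This is not PHP's source code; BASE, the sample paths and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BASE "/srv/app/data"  /* hypothetical permitted directory */
/* Lexical normalisation: collapse "//", drop ".", resolve ".." (never above "/"). */
static int normalize(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (cap < 2) return -1;
    out[len++] = '/';
    while (*in) {
        while (*in == '/') in++;
        size_t n = strcspn(in, "/");
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 1 && out[len - 1] != '/') len--;  /* drop last component */
            if (len > 1) len--;                            /* and its separator */
        } else if (!(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;              /* would not fit */
            if (len > 1) out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    out[len] = '\0';
    return 0;
}
/* Component-aware prefix test, so "/srv/app/database" does not match BASE. */
static int within_base(const char *p) {
    size_t b = strlen(BASE);
    return strncmp(p, BASE, b) == 0 && (p[b] == '/' || p[b] == '\0');
}
/* Flawed order: the policy sees the raw string, the path is resolved afterwards. */
int allow_check_first(const char *raw, char *resolved, size_t cap) {
    if (!within_base(raw)) return 0;
    return normalize(raw, resolved, cap) == 0;
}
/* Corrected order: resolve first, then apply the policy to the resolved path. */
int allow_canonical_first(const char *raw, char *resolved, size_t cap) {
    if (normalize(raw, resolved, cap) != 0) return 0;
    return within_base(resolved);
}

int main(void) {
    const char *raw = "/srv/app/data/../config/secret.ini";  /* constructed input */
    char r[256];
    int a = allow_check_first(raw, r, sizeof r), b = allow_canonical_first(raw, r, sizeof r);
    printf("%s -> %s: check-first=%d canonical-first=%d\n", raw, r, a, b);
    return 0;
}
```

Lexical normalisation does not follow symlinks; where they matter, resolve the path with realpath(3) before applying the policy check.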

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.6

External links

https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://marc.info/?l=bugtraq&m=124654546101607&w=2
https://marc.info/?l=bugtraq&m=125631037611762&w=2
https://secunia.com/advisories/32746
https://secunia.com/advisories/35074
https://secunia.com/advisories/35650
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://securityreason.com/achievement_securityalert/54
https://securityreason.com/securityalert/3941
https://support.apple.com/kb/HT3549
https://wiki.rpath.com/Advisories:rPSA-2009-0035
https://www.securityfocus.com/archive/1/501376/100/0/threaded
https://www.securityfocus.com/bid/29797
https://www.securitytracker.com/id?1020327
https://www.us-cert.gov/cas/techalerts/TA09-133A.html
https://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/43196


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


