SB2016092303 - Multiple vulnerabilities in PHP
Published: September 23, 2016 Updated: April 5, 2018
Security Bulletin ID
SB2016092303
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Deserialization of untrusted data (CVE-ID: CVE-2016-9138)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.The vulnerability exists due to unsafe handling of serialized data when processing property modification during __wakeup(). A remote attacker can pass specially crafted serialized data to the application and cause denial of service attack.
2) Use-after-free error (CVE-ID: CVE-2015-6835)
The vulnerability alows a remote unauthenticated user to execute arbitrary code or cause DoS conditions on the target system.The weakness exists due to incorrect processing of multiple php_var_unserialize calls while deserializing data with the session deserializer. By sending a specially crafted serialized string, attackers can trigger a use-after-free that can be used to execute arbitrary code or cause a service crash.
Successful exploitation of the vulnerability results in arbitrary code execution or denial of service on the vulnerable system.
Remediation
Install update from vendor's website.