SB2016101848 - Arbitrary code execution in php (Alpine package)
Published: October 18, 2016
Security Bulletin ID
SB2016101848
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Arbitrary code execution (CVE-ID: CVE-2016-7416)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.