SB2017080317 - Amazon Linux AMI update for php70

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017080317

SB2017080317 - Amazon Linux AMI update for php70

Published: August 3, 2017

Security Bulletin ID SB2017080317
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Heap-out-of-bounds write (CVE-ID: CVE-2017-9228)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write in bitset_set_range() during regular expression compilation due to incorrect state transition in parse_char_class(). A remote attacker can trigger out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Information disclosure (CVE-ID: CVE-2017-7890)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c due to it does not zero colorMap arrays before use. A remote attacker can trick the victim into opening a specially crafted GIF image that could use the uninitialized tables to read ~700 bytes from the top of the stack and gain access to potentially sensitive information.


3) Null pointer dereference (CVE-ID: CVE-2017-9229)

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger SIGSEGV in left_adjust_char_head() during regular expression compilation, cause NULL pointer dereference and the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Heap-out-of-bounds write (CVE-ID: CVE-2017-9226)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. A remote attacker can supply a malformed regular expression containing an octal number in the form of '\700', trigger
out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Out-of-bounds read (CVE-ID: CVE-2017-9227)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger stack out-of-bounds read in mbc_enc_len() during regular expression searching and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

6) Out-of-bounds read (CVE-ID: CVE-2017-9224)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to stack out-of-bounds read in match_at() during regular expression searching. A remote attacker can trigger a logical error involving order of validation and access in match_at() and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References