#VU525 Arbitrary code execution in PHP


Published: 2016-09-19

Vulnerability identifier: #VU525

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7414

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation
Update to 5.6.26.
http://php.net/ChangeLog-5.php#5.6.26
Update to 7.0.11.
http://php.net/ChangeLog-7.php#7.0.11

Vulnerable software versions

PHP: 7.0.11, 5.6.26

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for php
SUSE Linux update for php5
Arbitrary code execution in php (Alpine package)
OpenSUSE Linux update for php5
SUSE Linux update for php5
SUSE Linux update for php53
SUSE Linux update for php53
OpenSUSE Linux update for php5
Slackware Linux update for php
Arch Linux update for php