1 min read

Mitigation Instructions for PHP 5.6.x < 5.6.7 Multiple Vulnerabilities

Mitigation Instructions for PHP 5.6.x < 5.6.7 Multiple Vulnerabilities

Subject: PHP 5.6.x < 5.6.7 Multiple Vulnerabilities

Tech Stack:

  • PHP 5.6.x

Date Issued:

  • Original Date: 2015-03-24
  • Last Modified Date: 2024-05-31

Criticality:

  • Severity: Critical
  • Description: The remote web server uses a version of PHP that is affected by multiple vulnerabilities, allowing for potential remote code execution, denial of service, and security bypass.

Overview:

  • PHP versions prior to 5.6.7 contain several vulnerabilities that can be exploited by remote attackers to cause denial of service, execute arbitrary code, or bypass security restrictions. These vulnerabilities include use-after-free errors, integer overflow errors, filter bypass, and type confusion vulnerabilities.

Attack Mechanisms:

  1. Use-After-Free Error (CVE-2015-0231):
    • Exploiting a flaw in the unserialize function to execute arbitrary code.
  2. Integer Overflow in regcomp (CVE-2015-2305):
    • Improper validation leading to denial of service or code execution.
  3. Integer Overflow in _zip_cdir_new (CVE-2015-2331):
    • Crafted ZIP archive can cause denial of service or code execution.
  4. Filter Bypass in move_uploaded_file (CVE-2015-2348):
    • Pathnames truncated at NULL byte, allowing bypass of extension restrictions.
  5. Use-After-Free in process_nested_data (CVE-2015-2787):
    • Dereferencing already freed memory, leading to code execution.
  6. Type Confusion in SoapClient::__call (CVE-2015-4147, CVE-2015-4148):
    • Crafted serialized data with unexpected data type leading to arbitrary code execution.

Affected Systems:

  • PHP versions prior to 5.6.7.

Mitigation Solution:

  1. Upgrade: Upgrade to PHP version 5.6.7 or later.
  2. Patch: Apply patches from PHP.net and relevant vendors.
  3. Configuration: Ensure all software dependencies are updated and follow best security practices for PHP configuration.

References:

Mitigation Instructions for Drupal SEoL (8.x)

Mitigation Instructions for Drupal SEoL (8.x)

Subject: Mitigating Vulnerability in Unsupported Drupal 8.x

Read More
Mitigation Instructions for Redis Server Unprotected by Password Authentication

Mitigation Instructions for Redis Server Unprotected by Password Authentication

Subject: Redis Server Unprotected by Password Authentication

Read More
Mitigation Instructions for Drupal SEoL (6.x)

Mitigation Instructions for Drupal SEoL (6.x)

Subject: Drupal Unsupported Version Detection (6.x)

Read More