Subject: PHP 5.6.x < 5.6.7 Multiple Vulnerabilities
Tech Stack:
Date Issued:
- Original Date: 2015-03-24
- Last Modified Date: 2024-05-31
Criticality:
- Severity: Critical
- Description: The remote web server uses a version of PHP that is affected by multiple vulnerabilities, allowing for potential remote code execution, denial of service, and security bypass.
Overview:
- PHP versions prior to 5.6.7 contain several vulnerabilities that can be exploited by remote attackers to cause denial of service, execute arbitrary code, or bypass security restrictions. These vulnerabilities include use-after-free errors, integer overflow errors, filter bypass, and type confusion vulnerabilities.
Attack Mechanisms:
- Use-After-Free Error (CVE-2015-0231):
  - Exploiting a flaw in the unserialize function to execute arbitrary code.
- Integer Overflow in regcomp (CVE-2015-2305):
  - Improper validation leading to denial of service or code execution.
- Integer Overflow in _zip_cdir_new (CVE-2015-2331):
  - Crafted ZIP archive can cause denial of service or code execution.
- Filter Bypass in move_uploaded_file (CVE-2015-2348):
  - Pathnames truncated at NULL byte, allowing bypass of extension restrictions.
- Use-After-Free in process_nested_data (CVE-2015-2787):
  - Dereferencing already freed memory, leading to code execution.
- Type Confusion in SoapClient::__call (CVE-2015-4147, CVE-2015-4148):
  - Crafted serialized data with unexpected data type leading to arbitrary code execution.
Affected Systems:
- PHP versions prior to 5.6.7.
Mitigation Solution:
- Upgrade: Upgrade to PHP version 5.6.7 or later.
- Patch: Apply patches from PHP.net and relevant vendors.
- Configuration: Ensure all software dependencies are updated and follow best security practices for PHP configuration.
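
A version triage for the affected range above, as an added example (not part of the original advisory or of any scanner's own code): it classifies PHP version strings found in Server or X-Powered-By header values against the 5.6.7 fix boundary. The hostnames and banner strings are constructed, and reporting vendor-suffixed and pre-release builds as "review" rather than "affected" is an assumption of this sketch.

```python
import re

# Fix boundary taken from the advisory; scoped to the 5.6 branch as in its subject line.
FIXED = (5, 6, 7)

# Matches e.g. "PHP/5.6.6", "PHP/5.6.6-1+vendor1", "PHP/5.6.7RC1" inside a header value.
BANNER_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([A-Za-z0-9.+~-]*)")
PRERELEASE_RE = re.compile(r"^-?(alpha|beta|rc|dev)", re.IGNORECASE)


def classify(banner):
    """Return (status, detail); status is affected, review, not-affected, out-of-scope or unknown."""
    m = BANNER_RE.search(banner)
    if not m:
        return ("unknown", "no PHP version in banner")
    version = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4)
    text = ".".join(map(str, version)) + suffix
    if version[:2] != FIXED[:2]:
        return ("out-of-scope", text + " is outside the 5.6 branch covered here")
    # A pre-release of the fixed version (e.g. 5.6.7RC1) predates the final release.
    if version == FIXED and PRERELEASE_RE.match(suffix):
        return ("review", text + " is a pre-release of the fixed version")
    if version < FIXED:
        # Vendor builds may carry backported fixes under an older upstream version number.
        if suffix and not PRERELEASE_RE.match(suffix):
            return ("review", text + " is a vendor build; check the vendor changelog")
        return ("affected", text + " is below 5.6.7")
    return ("not-affected", text)


# Constructed sample: (host, header value) pairs as an inventory scan might record them.
SAMPLE = [
    ("web01.example", "PHP/5.6.6"),
    ("web02.example", "Apache/2.4.10 (Debian) PHP/5.6.6-1+vendor1"),
    ("web03.example", "PHP/5.6.7"),
    ("web04.example", "PHP/5.6.7RC1"),
    ("web05.example", "PHP/5.5.22"),
    ("web06.example", "nginx"),
]


def triage(rows):
    """Map each host to its status so the result can feed a patching queue."""
    return {host: classify(banner)[0] for host, banner in rows}


if __name__ == "__main__":
    for host, banner in SAMPLE:
        print(host, *classify(banner))
```

A banner is only an indicator: hosts that hide the version report "unknown" and still need a package-level check.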