Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.702974 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2974-1 (php5 - security update) |
Summary: | Several vulnerabilities were found in PHP, a general-purpose scripting;language commonly used for web application development. The Common;Vulnerabilities and Exposures project identifies the following problems:;;CVE-2014-0207;Francisco Alonso of the Red Hat Security Response Team reported an;incorrect boundary check in the cdf_read_short_sector() function.;;CVE-2014-3478;Francisco Alonso of the Red Hat Security Response Team discovered a;flaw in the way the truncated pascal string size in the mconvert();function is computed.;;CVE-2014-3479;Francisco Alonso of the Red Hat Security Response Team reported an;incorrect boundary check in the cdf_check_stream_offset() function.;;CVE-2014-3480;Francisco Alonso of the Red Hat Security Response Team reported an;insufficient boundary check in the cdf_count_chain() function.;;CVE-2014-3487;Francisco Alonso of the Red Hat Security Response Team discovered an;incorrect boundary check in the cdf_read_property_info() function.;;CVE-2014-3515;Stefan Esser discovered that the ArrayObject and the;SPLObjectStorage unserialize() handler do not verify the type of;unserialized data before using it. A remote attacker could use this;flaw to execute arbitrary code.;;CVE-2014-4721;Stefan Esser discovered a type confusion issue affecting phpinfo(),;which might allow an attacker to obtain sensitive information from;process memory. |
Description: | Summary: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_sector() function. CVE-2014-3478 Francisco Alonso of the Red Hat Security Response Team discovered a flaw in the way the truncated pascal string size in the mconvert() function is computed. CVE-2014-3479 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_check_stream_offset() function. CVE-2014-3480 Francisco Alonso of the Red Hat Security Response Team reported an insufficient boundary check in the cdf_count_chain() function. CVE-2014-3487 Francisco Alonso of the Red Hat Security Response Team discovered an incorrect boundary check in the cdf_read_property_info() function. CVE-2014-3515 Stefan Esser discovered that the ArrayObject and the SPLObjectStorage unserialize() handler do not verify the type of unserialized data before using it. A remote attacker could use this flaw to execute arbitrary code. CVE-2014-4721 Stefan Esser discovered a type confusion issue affecting phpinfo(), which might allow an attacker to obtain sensitive information from process memory. Affected Software/OS: php5 on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u12. In addition, this update contains several bugfixes originally targeted for the upcoming Wheezy point release. For the testing distribution (jessie), these problems have been fixed in version 5.6.0~ rc2+dfsg-1. For the unstable distribution (sid), these problems have been fixed in version 5.6.0~ rc2+dfsg-1. We recommend that you upgrade your php5 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0207 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 68243 http://www.securityfocus.com/bid/68243 Debian Security Information: DSA-2974 (Google Search) http://www.debian.org/security/2014/dsa-2974 Debian Security Information: DSA-3021 (Google Search) http://www.debian.org/security/2014/dsa-3021 HPdes Security Advisory: HPSBUX03102 http://marc.info/?l=bugtraq&m=141017844705317&w=2 HPdes Security Advisory: SSRT101681 http://mx.gw.com/pipermail/file/2014/001553.html RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3478 BugTraq ID: 68239 http://www.securityfocus.com/bid/68239 RedHat Security Advisories: RHSA-2014:1327 http://rhn.redhat.com/errata/RHSA-2014-1327.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3479 BugTraq ID: 68241 http://www.securityfocus.com/bid/68241 Common Vulnerability Exposure (CVE) ID: CVE-2014-3480 BugTraq ID: 68238 http://www.securityfocus.com/bid/68238 Common Vulnerability Exposure (CVE) ID: CVE-2014-3487 BugTraq ID: 68120 http://www.securityfocus.com/bid/68120 Common Vulnerability Exposure (CVE) ID: CVE-2014-3515 BugTraq ID: 68237 http://www.securityfocus.com/bid/68237 http://secunia.com/advisories/60998 Common Vulnerability Exposure (CVE) ID: CVE-2014-4721 http://twitter.com/mikispag/statuses/485713462258302976 https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html http://secunia.com/advisories/54553 SuSE Security Announcement: openSUSE-SU-2014:0945 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |