Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.807092 |
Category: | Web application abuses |
Title: | PHP 'phar_fix_filepath' Function Stack Buffer Overflow Vulnerability - Mar16 (Windows) |
Summary: | PHP is prone to a stack buffer overflow vulnerability. |
Description: | Summary: PHP is prone to a stack buffer overflow vulnerability. Vulnerability Insight: Multiple flaws are due to - Inadequate boundary checks on user-supplied input by 'phar_fix_filepath' function in 'ext/phar/phar.c' script. - Improper validation of file pointer in the 'phar_convert_to_other' function in 'ext/phar/phar_object.c' script. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to execute arbitrary code in the context of the PHP process. Failed exploit attempts will likely crash the webserver. Affected Software/OS: PHP versions before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 on Windows Solution: Update to PHP version 5.4.43, or 5.5.27, or 5.6.11 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 75970 BugTraq ID: 88763 BugTraq ID: 75974 Common Vulnerability Exposure (CVE) ID: CVE-2015-5590 http://www.securityfocus.com/bid/75970 Debian Security Information: DSA-3344 (Google Search) http://www.debian.org/security/2015/dsa-3344 http://openwall.com/lists/oss-security/2015/07/18/1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8838 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-5589 http://www.securityfocus.com/bid/75974 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |