英文漏洞報告解讀(一)——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
阿新 • • 發佈:2018-09-04
object 規則 regular files rec only vid overflow sts ---------------------------------
----------------------------------------------------------------------------------------------------------
High
PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Description
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities :
- LibGD contains a NULL pointer dereference flaw in its ‘gdImageCreateFromXpm‘ function in the ‘gdxpm.c‘ file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the ‘cdf.c‘ file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the ‘dns.c‘ file related to the ‘dns_get_record‘ and ‘dn_expand‘ functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the ‘spl_dllist.c‘ file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the ‘spl_array.c‘ file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
- There exist multiple flaws in the GD component within the ‘gd_ctx.c‘ file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application‘s self-reported version number.
Solution
Upgrade to PHP version 5.4.32 or later.
----------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------
漏洞標題:PHP 5.4.x <5.4.32多個漏洞
漏洞類型:通用型
漏洞等級:高危
簡要描述:
根據其版本,不再支持在遠程主機上安裝PHP。
缺乏支持意味著供應商不會發布該產品的新安全補丁。因此,它可能包含安全漏洞。
詳細細節:
根據其標題,遠程Web服務器在5.4.32之前運行PHP 5.4.x版本。因此,它受到以下漏洞的影響:
- LibGD在‘gdxpm.c‘文件的‘gdImageCreateFromXpm‘函數中包含一個NULL指針解引用缺陷。
通過使用特制的顏色映射,遠程攻擊者可能會導致拒絕服務。
(CVE-2014-2497)
- CVE-2013-7345 的原始上遊補丁未提供完整的解決方案。因此,遠程攻擊者仍然可以部署特制的輸入文件,以便在嘗試使用awk正則表達式規則檢測文件類型時使用過多的資源。這可能會導致拒絕服務。(CVE-2014-3538)
- ‘cdf.c‘文件中存在整數溢出缺陷。通過使用特制的CDF文件,遠程攻擊者可能會導致拒絕服務。(CVE-2014-3587)
- ‘dns.c‘文件中存在多個與‘dns_get_record‘和‘dn_expand‘函數相關的緩沖區溢出缺陷。通過使用特制的DNS記錄,遠程攻擊者可以利用這些記錄來導致拒絕服務或執行任意代碼。(CVE-2014-3597)
- ‘spl_dllist.c‘文件中存在一個缺陷,當在對象上進行叠代時,該缺陷可能導致SPL組件中的釋放後使用條件。攻擊者可以利用此漏洞導致拒絕服務。(CVE-2014-4670)
- ‘spl_array.c‘文件中存在一個缺陷,當在排序時處理對象的修改時,這可能導致SPL組件中的釋放後使用條件。攻擊者可以利用此漏洞導致拒絕服務。(CVE-2014-4698)
- ‘gd_ctx.c‘文件中的GD組件中存在多個缺陷,其中未正確驗證用戶提供的輸入以確保路徑名缺少%00序列。通過使用特制輸入,遠程攻擊者可以覆蓋任意文件。
(CVE-2014-5120)
修復方案:升級到PHP版本5.4.32或更高版本。
Nessus掃描報告
---------------------------------------------------------------------------------------------------------------------------------------------------------------
High
PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Description
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities :
- LibGD contains a NULL pointer dereference flaw in its ‘gdImageCreateFromXpm‘ function in the ‘gdxpm.c‘ file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the ‘cdf.c‘ file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the ‘dns.c‘ file related to the ‘dns_get_record‘ and ‘dn_expand‘ functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the ‘spl_dllist.c‘ file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the ‘spl_array.c‘ file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
- There exist multiple flaws in the GD component within the ‘gd_ctx.c‘ file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application‘s self-reported version number.
Solution
Upgrade to PHP version 5.4.32 or later.
----------------------------------------
漏洞報告中文對照:如有不妥之處歡迎指正
------------------------------------------------------------------------------------------------------------------------------------------------
漏洞標題:PHP 5.4.x <5.4.32多個漏洞
漏洞類型:通用型
漏洞等級:高危
簡要描述:
根據其版本,不再支持在遠程主機上安裝PHP。
缺乏支持意味著供應商不會發布該產品的新安全補丁。因此,它可能包含安全漏洞。
詳細細節:
根據其標題,遠程Web服務器在5.4.32之前運行PHP 5.4.x版本。因此,它受到以下漏洞的影響:
- LibGD在‘gdxpm.c‘文件的‘gdImageCreateFromXpm‘函數中包含一個NULL指針解引用缺陷。
通過使用特制的顏色映射,遠程攻擊者可能會導致拒絕服務。
(CVE-2014-2497)
- CVE-2013-7345 的原始上遊補丁未提供完整的解決方案。因此,遠程攻擊者仍然可以部署特制的輸入文件,以便在嘗試使用awk正則表達式規則檢測文件類型時使用過多的資源。這可能會導致拒絕服務。(CVE-2014-3538)
- ‘cdf.c‘文件中存在整數溢出缺陷。通過使用特制的CDF文件,遠程攻擊者可能會導致拒絕服務。(CVE-2014-3587)
- ‘dns.c‘文件中存在多個與‘dns_get_record‘和‘dn_expand‘函數相關的緩沖區溢出缺陷。通過使用特制的DNS記錄,遠程攻擊者可以利用這些記錄來導致拒絕服務或執行任意代碼。(CVE-2014-3597)
- ‘spl_dllist.c‘文件中存在一個缺陷,當在對象上進行叠代時,該缺陷可能導致SPL組件中的釋放後使用條件。攻擊者可以利用此漏洞導致拒絕服務。(CVE-2014-4670)
- ‘spl_array.c‘文件中存在一個缺陷,當在排序時處理對象的修改時,這可能導致SPL組件中的釋放後使用條件。攻擊者可以利用此漏洞導致拒絕服務。(CVE-2014-4698)
- ‘gd_ctx.c‘文件中的GD組件中存在多個缺陷,其中未正確驗證用戶提供的輸入以確保路徑名缺少%00序列。通過使用特制輸入,遠程攻擊者可以覆蓋任意文件。
(CVE-2014-5120)
修復方案:升級到PHP版本5.4.32或更高版本。
英文漏洞報告解讀(一)——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities