Amazon Linux AMI update for php

Published: 2012-01-19

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2011-4566 CVE-2011-4885
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #2 is available.
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU33696

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-4566

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

Mitigation

Update the affected packages:

i686:
    php-dba-5.3.9-1.9.amzn1.i686
    php-odbc-5.3.9-1.9.amzn1.i686
    php-embedded-5.3.9-1.9.amzn1.i686
    php-mbstring-5.3.9-1.9.amzn1.i686
    php-pgsql-5.3.9-1.9.amzn1.i686
    php-common-5.3.9-1.9.amzn1.i686
    php-debuginfo-5.3.9-1.9.amzn1.i686
    php-ldap-5.3.9-1.9.amzn1.i686
    php-cli-5.3.9-1.9.amzn1.i686
    php-fpm-5.3.9-1.9.amzn1.i686
    php-5.3.9-1.9.amzn1.i686
    php-imap-5.3.9-1.9.amzn1.i686
    php-bcmath-5.3.9-1.9.amzn1.i686
    php-soap-5.3.9-1.9.amzn1.i686
    php-devel-5.3.9-1.9.amzn1.i686
    php-xml-5.3.9-1.9.amzn1.i686
    php-pdo-5.3.9-1.9.amzn1.i686
    php-mcrypt-5.3.9-1.9.amzn1.i686
    php-mysqlnd-5.3.9-1.9.amzn1.i686
    php-snmp-5.3.9-1.9.amzn1.i686
    php-mysql-5.3.9-1.9.amzn1.i686
    php-process-5.3.9-1.9.amzn1.i686
    php-tidy-5.3.9-1.9.amzn1.i686
    php-intl-5.3.9-1.9.amzn1.i686
    php-gd-5.3.9-1.9.amzn1.i686
    php-pspell-5.3.9-1.9.amzn1.i686
    php-mssql-5.3.9-1.9.amzn1.i686
    php-xmlrpc-5.3.9-1.9.amzn1.i686

src:
    php-5.3.9-1.9.amzn1.src

x86_64:
    php-embedded-5.3.9-1.9.amzn1.x86_64
    php-xml-5.3.9-1.9.amzn1.x86_64
    php-intl-5.3.9-1.9.amzn1.x86_64
    php-soap-5.3.9-1.9.amzn1.x86_64
    php-ldap-5.3.9-1.9.amzn1.x86_64
    php-mcrypt-5.3.9-1.9.amzn1.x86_64
    php-debuginfo-5.3.9-1.9.amzn1.x86_64
    php-pgsql-5.3.9-1.9.amzn1.x86_64
    php-mysqlnd-5.3.9-1.9.amzn1.x86_64
    php-odbc-5.3.9-1.9.amzn1.x86_64
    php-mbstring-5.3.9-1.9.amzn1.x86_64
    php-pspell-5.3.9-1.9.amzn1.x86_64
    php-pdo-5.3.9-1.9.amzn1.x86_64
    php-tidy-5.3.9-1.9.amzn1.x86_64
    php-dba-5.3.9-1.9.amzn1.x86_64
    php-gd-5.3.9-1.9.amzn1.x86_64
    php-fpm-5.3.9-1.9.amzn1.x86_64
    php-cli-5.3.9-1.9.amzn1.x86_64
    php-devel-5.3.9-1.9.amzn1.x86_64
    php-mysql-5.3.9-1.9.amzn1.x86_64
    php-mssql-5.3.9-1.9.amzn1.x86_64
    php-xmlrpc-5.3.9-1.9.amzn1.x86_64
    php-process-5.3.9-1.9.amzn1.x86_64
    php-bcmath-5.3.9-1.9.amzn1.x86_64
    php-snmp-5.3.9-1.9.amzn1.x86_64
    php-common-5.3.9-1.9.amzn1.x86_64
    php-5.3.9-1.9.amzn1.x86_64
    php-imap-5.3.9-1.9.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2012-37.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU32831

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2011-4885

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Mitigation

Update the affected packages:

i686:
    php-dba-5.3.9-1.9.amzn1.i686
    php-odbc-5.3.9-1.9.amzn1.i686
    php-embedded-5.3.9-1.9.amzn1.i686
    php-mbstring-5.3.9-1.9.amzn1.i686
    php-pgsql-5.3.9-1.9.amzn1.i686
    php-common-5.3.9-1.9.amzn1.i686
    php-debuginfo-5.3.9-1.9.amzn1.i686
    php-ldap-5.3.9-1.9.amzn1.i686
    php-cli-5.3.9-1.9.amzn1.i686
    php-fpm-5.3.9-1.9.amzn1.i686
    php-5.3.9-1.9.amzn1.i686
    php-imap-5.3.9-1.9.amzn1.i686
    php-bcmath-5.3.9-1.9.amzn1.i686
    php-soap-5.3.9-1.9.amzn1.i686
    php-devel-5.3.9-1.9.amzn1.i686
    php-xml-5.3.9-1.9.amzn1.i686
    php-pdo-5.3.9-1.9.amzn1.i686
    php-mcrypt-5.3.9-1.9.amzn1.i686
    php-mysqlnd-5.3.9-1.9.amzn1.i686
    php-snmp-5.3.9-1.9.amzn1.i686
    php-mysql-5.3.9-1.9.amzn1.i686
    php-process-5.3.9-1.9.amzn1.i686
    php-tidy-5.3.9-1.9.amzn1.i686
    php-intl-5.3.9-1.9.amzn1.i686
    php-gd-5.3.9-1.9.amzn1.i686
    php-pspell-5.3.9-1.9.amzn1.i686
    php-mssql-5.3.9-1.9.amzn1.i686
    php-xmlrpc-5.3.9-1.9.amzn1.i686

src:
    php-5.3.9-1.9.amzn1.src

x86_64:
    php-embedded-5.3.9-1.9.amzn1.x86_64
    php-xml-5.3.9-1.9.amzn1.x86_64
    php-intl-5.3.9-1.9.amzn1.x86_64
    php-soap-5.3.9-1.9.amzn1.x86_64
    php-ldap-5.3.9-1.9.amzn1.x86_64
    php-mcrypt-5.3.9-1.9.amzn1.x86_64
    php-debuginfo-5.3.9-1.9.amzn1.x86_64
    php-pgsql-5.3.9-1.9.amzn1.x86_64
    php-mysqlnd-5.3.9-1.9.amzn1.x86_64
    php-odbc-5.3.9-1.9.amzn1.x86_64
    php-mbstring-5.3.9-1.9.amzn1.x86_64
    php-pspell-5.3.9-1.9.amzn1.x86_64
    php-pdo-5.3.9-1.9.amzn1.x86_64
    php-tidy-5.3.9-1.9.amzn1.x86_64
    php-dba-5.3.9-1.9.amzn1.x86_64
    php-gd-5.3.9-1.9.amzn1.x86_64
    php-fpm-5.3.9-1.9.amzn1.x86_64
    php-cli-5.3.9-1.9.amzn1.x86_64
    php-devel-5.3.9-1.9.amzn1.x86_64
    php-mysql-5.3.9-1.9.amzn1.x86_64
    php-mssql-5.3.9-1.9.amzn1.x86_64
    php-xmlrpc-5.3.9-1.9.amzn1.x86_64
    php-process-5.3.9-1.9.amzn1.x86_64
    php-bcmath-5.3.9-1.9.amzn1.x86_64
    php-snmp-5.3.9-1.9.amzn1.x86_64
    php-common-5.3.9-1.9.amzn1.x86_64
    php-5.3.9-1.9.amzn1.x86_64
    php-imap-5.3.9-1.9.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2012-37.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.