SB2015030301 - Ubuntu update for PHP 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015030301

SB2015030301 - Ubuntu update for PHP

Published: March 3, 2015 Updated: November 27, 2018

Security Bulletin ID SB2015030301
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2014-1943)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion when insufficient validation of user-supplied input. A local attacker can trigger CPU consumption and cause the service to crash.


2) Heap-based buffer overflow (CVE-ID: CVE-2013-7226)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9. A remote attacker can use an imagecrop function call with a large x dimension value to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) NULL pointer dereference (CVE-ID: CVE-2013-7327)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return value. A remote attacker can trigger NULL pointer dereference via invalid imagecrop arguments and cause the service to crash.

4) Integer overflow (CVE-ID: CVE-2013-7328)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9. A remote attacker can cause application crash or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension.

5) Information disclosure (CVE-ID: CVE-2014-2020)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types. A remote attacker can use a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value and obtain sensitive information.

Remediation

Install update from vendor's website.

References