Main Vulnerability Database SB2016101848

SB2016101848 - Arbitrary code execution in php (Alpine package)

Published: October 18, 2016

Security Bulletin ID SB2016101848

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Arbitrary code execution (CVE-ID: CVE-2016-7416)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=c498273a9b9628de4f8a7115271dddfd87ea7807
https://git.alpinelinux.org/aports/commit/?id=c72d2f6e4c8e60010afb92635a3fe5c20e932f4d
https://git.alpinelinux.org/aports/commit/?id=2ba3a04506152c4867294cfe5a2d647e254f533e