Arbitrary code execution in php (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-7416 |
| CWE-ID | CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
php (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Arbitrary code execution
EUVDB-ID: #VU523
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7416
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsphp (Alpine package): 5.6.25-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=c498273a9b9628de4f8a7115271dddfd87ea7807
https://git.alpinelinux.org/aports/commit/?id=c72d2f6e4c8e60010afb92635a3fe5c20e932f4d
https://git.alpinelinux.org/aports/commit/?id=2ba3a04506152c4867294cfe5a2d647e254f533e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
