Ubuntu update for PHP

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deserialization of untrusted data

EUVDB-ID: #VU9695

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11143

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in parser.c function due to deserialization of untrusted data. A remote attacker can inject specially crafted XML file and crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU9716

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11144

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU8965

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11145

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer over-read

EUVDB-ID: #VU9717

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11147

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the PHAR archive handler. A remote attacker can supply malicious archive files, trigger buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c and cause the PHP interpreter to crash or potentially disclose information.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU7356

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-11628

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or potentially execute arbitrary code.

The weakness exists due to stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data, trigger stack buffer overflow in zend_ini_do_op() that may lead to out-of-bounds write, cause the application to crash or execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU7345

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-9224

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to stack out-of-bounds read in match_at() during regular expression searching. A remote attacker can trigger a logical error involving order of validation and access in match_at() and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-out-of-bounds write

EUVDB-ID: #VU7346

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-9226

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. A remote attacker can supply a malformed regular expression containing an octal number in the form of '\700', trigger
out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU7347

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-9227

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger stack out-of-bounds read in mbc_enc_len() during regular expression searching and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Heap-out-of-bounds write

EUVDB-ID: #VU7348

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-9228

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists in the mbstring due to heap out-of-bounds write in bitset_set_range() during regular expression compilation due to incorrect state transition in parse_char_class(). A remote attacker can trigger out-of-bounds write memory corruption and execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Null pointer dereference

EUVDB-ID: #VU7349

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-9229

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists in the mbstring due to an error in handling of reg->dmin in forward_search_range(). A remote attacker can trigger SIGSEGV in left_adjust_char_head() during regular expression compilation, cause NULL pointer dereference and the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install updates from vendor's website:

Ubuntu 12.04 LTS:

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3 - 5.3.10-1ubuntu3.26

CPE2.3

External links