Debian update for php7.0
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 CVE-2017-16642 |
| CWE-ID | CWE-284 CWE-125 CWE-121 CWE-416 CWE-502 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #7 is available. |
| Vulnerable software |
Debian Linux Operating systems & Components / Operating system |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU9716
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11144
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
Successful exploitation of the vulnerability results in denial of service.
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://bugs.php.net/bug.php?id=74651
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU8965
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11145
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://php.net/ChangeLog-5.php#5.6.32
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU7356
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-11628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or potentially execute arbitrary code.
The weakness exists due to stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data, trigger stack buffer overflow in zend_ini_do_op() that may lead to out-of-bounds write, cause the application to crash or execute arbitrary code with web server privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://php.net/ChangeLog-7.php#7.0.21
https://bugs.php.net/bug.php?id=74603
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap use-after-free error
EUVDB-ID: #VU8137
Risk: Medium
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-12932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://bugs.php.net/bug.php?id=74103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Deserialization of untrusted data
EUVDB-ID: #VU9956
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12933
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.
Mitigation
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://php.net/ChangeLog-5.php
https://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=74111
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Deserialization of untrusted data
EUVDB-ID: #VU9957
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-12934
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h in ext/standard/var_unserializer.re. A remote attacker can trigger a use-after-free condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=74101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU8968
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-16642
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can cause the application to crash.
Update the affected package to version: 7.0.27-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://bugs.php.net/bug.php?id=75055
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
