Debian update for php7.0
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 CVE-2018-5712 |
| CWE-ID | CWE-121 CWE-200 CWE-835 CWE-79 CWE-300 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
Debian Linux Operating systems & Components / Operating system |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU10800
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7584
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to stack-based buffer overflow when handling malicious input. A remote attacker can send specially crafted HTTP response packets, trigger memory corruption and cause the application to crash.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU11343
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10545
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions and obtain potentially sensitive information on the target system.
The weakness exists due to improper access controls. A local attacker can change UID and GID, PHP-FPM sets pool worker processes to be dumpable, attach to the PHP-FPM workers and gain access to any restricted resources that are not supposed to be allowed.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Infinite loop
EUVDB-ID: #VU12257
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-10546
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to infinite loop. A remote attacker can use a stream filter with convert.iconv and not enough input bytes, trigger an infinite loop, one CPU Core at 100% and cause the service to crash.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Cross-site scripting
EUVDB-ID: #VU12327
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10547
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the phar_do_404() and phar_do_403() functions due to insufficient sanitization of user-supplied data processed by the phar_do_404() and phar_do_403() functions, as defined in the ext/phar/phar_object.c source code file. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
The vulnerability exists due to an incomplete fix for CVE-2018-5712.
MitigationUpdate the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Man-in-the-middle attack
EUVDB-ID: #VU12256
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10548
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the ext/ldap/ldap.c source code file due to improper handling of return values from the ldap_get_dn function. A remote attacker can use man-in-the middle techniques to trigger ldap_get_dn() to return a NULL pointer and cause ldap_get_entries() because add_assoc_string() to crash.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU12258
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-10549
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in exif_read_data() function due to an out-of-bounds read while processing crafted JPEG data. A remote attacker can supply a specially image file, trigger heap-based buffer overflow in exif_iif_add_value and cause the service to crash.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Reflected cross-site scripting
EUVDB-ID: #VU10389
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-5712
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists on the PHAR 404 error page due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Update the affected package to version: 7.0.30-0+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
