SB2020070601 - Debian update for php7.0

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070601

SB2020070601 - Debian update for php7.0

Published: July 6, 2020

Security Bulletin ID SB2020070601
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2019-11048)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way PHP handles long filenames or field names during file upload. A remote attacker can supply an overly long filename to the application that will lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This will lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.


2) NULL pointer dereference (CVE-ID: CVE-2020-7062)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.


3) Incorrect default permissions (CVE-ID: CVE-2020-7063)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.


4) Out-of-bounds read (CVE-ID: CVE-2020-7064)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.


5) Input validation error (CVE-ID: CVE-2020-7066)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.


6) Out-of-bounds read (CVE-ID: CVE-2020-7067)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing untrusted input passed to urldecode() PHP function. A remote attacker can send specially crafted data to the application that uses the affected function and gain access to sensitive information on the system


Remediation

Install update from vendor's website.

References