Debian update for php7.0
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 |
| CWE-ID | CWE-400 CWE-476 CWE-276 CWE-125 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
php7.0 (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU28318
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11048
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way PHP handles long filenames or field names during file upload. A remote attacker can supply an overly long filename to the application that will lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This will lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
MitigationUpdate php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU25594
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.
MitigationUpdate php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect default permissions
EUVDB-ID: #VU25592
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7063
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.
MitigationUpdate php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU26259
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7064
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.
MitigationUpdate php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU26257
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7066
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.
Update php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU26979
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7067
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing untrusted input passed to urldecode() PHP function. A remote attacker can send specially crafted data to the application that uses the affected function and gain access to sensitive information on the system
Update php7.0 package to version 7.0.33-0+deb9u8.
Vulnerable software versionsphp7.0 (Debian package): 7.0.27-0+deb9u1 - 7.0.33-0+deb9u7
CPE2.3- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u7:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u6:*:*:*:*:debian_linux:*:
- cpe:2.3:o:debian:php70_debian_package:7.0.33-0 deb9u5:*:*:*:*:debian_linux:*:
http://www.debian.org/security/2020/dsa-4717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
