Slackware Linux update for php



Published: 2024-06-26 | Updated: 2024-10-30
Risk Critical
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2012-1823
CVE-2024-1874
CVE-2024-4577
CVE-2024-5458
CVE-2024-5585
CWE-ID CWE-78
CWE-20
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #2 is available.
Vulnerability #3 is being exploited in the wild.
Vulnerable software
Subscribe 		Slackware Linux
Operating systems & Components / Operating system

php81
Operating systems & Components / Operating system package or component

Vendor Slackware

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) OS command injection

EUVDB-ID: #VU4201

Risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2012-1823

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to error when parsing QUERY_STRING parameters within PHP-CGI-based application (sapi/cgi/cgi_main.c). A remote attacker can send specially crafted HTTP request with query string without the "=" (equals sign) character, inject and execute arbitrary OS commands on vulnerable system with privileges of the web server.

Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 15.0

php81: before 8.1.29

CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.360869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) OS Command Injection

EUVDB-ID: #VU88482

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-1874

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing array-ish $command parameter of proc_open. A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 15.0

php81: before 8.1.29

CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.360869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) OS Command Injection

EUVDB-ID: #VU91106

Risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-4577

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in PHP-CGI implementation. A remote attacker can send specially crafted HTTP request to the application and execute arbitrary OS commands on the system.

Note, the vulnerability exists due to incomplete fix for #VU4201 (CVE-2012-1823).

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 15.0

php81: before 8.1.29

CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.360869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Input validation error

EUVDB-ID: #VU91107

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-5458

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when parsing URL. A remote attacker can bypass the filter_var FILTER_VALIDATE_URL checks.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 15.0

php81: before 8.1.29

CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.360869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS Command Injection

EUVDB-ID: #VU91109

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-5585

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient fix for #VU88482 (CVE-2024-1874). A remote attacker can pass specially crafted input to the application and execute arbitrary OS commands on the target system.

Mitigation

Update the affected package php.

Vulnerable software versions

Slackware Linux: 15.0

php81: before 8.1.29

CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.360869


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###