Kaspersky ID:
KLA10746
Detection date:
19/01/2016
Updated:
22/01/2024

Description

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple integer overflows can be exploited remotely via a specially crafted string to cause denial of service;
  2. An unknown vulnerability can be exploited remotely via a specially crafted imagerotate function call to obtain sensitive information or cause denial of service;
  3. A format string vulnerability in Zend can be exploited remotely via a specially crafted string to execute arbitrary code;
  4. A use-after-free in Collator can be exploited remotely to cause denial of service;
  5. Improper header management in soap can be exploited remotely via specially crafted data to execute arbitrary code;
  6. A directory traversal in PharData can be exploited remotely via a specially crafted ZIP archive to affect local files;
  7. Multiple use-after-free vulnerabilities in SPL can be exploited remotely via specially crafted data to execute arbitrary code;
  8. An unknown vulnerability can be exploited remotely to execute arbitrary code;
  9. A buffer overflow can be exploited remotely via a specially crafted file path to cause denial of service.

Technical details

Vulnerability (1) is related to ext/standard/exec.c and can be exploited via a long string passed to php_escape_shell_cmd or php_escape_shell_arg.

Vulnerability (2) is related to the gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c and can be exploited via a large bgd_color argument to the function.

Vulnerability (3) is related to the zend_throw_or_error function in Zend/zend_execute_API.c and can be exploited via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Vulnerability (4) is related to the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c and can be exploited by leveraging the relationships between a key buffer and a destroyed array.

Vulnerability (5) is related to the SoapClient __call method in ext/soap/soap.c and can be exploited via serialized data that triggers a "type confusion" in the serialize_function_call function.

Vulnerability (6) can be exploited via .. in a ZIP archive entry that is mishandled during extraction.

Vulnerabilities (7) are related to the SPL unserialize implementation in ext/spl/spl_array.c, which can be exploited via serialized data that triggers misuse of an array field, and to deserialization mishandling in ArrayObject, SplObjectStorage and SplDoublyLinkedList.

Vulnerability (8) is related to the php_str_replace_in_subject function in ext/standard/string.c and can be exploited via the third argument to the str_ireplace function.

Vulnerability (9) is related to the phar_fix_filepath function in ext/phar/phar.c and can be exploited via a large length value.
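
For vulnerability (6), an application that accepts ZIP uploads can refuse archives whose entry names traverse directories before passing them to PharData for extraction. The following is an added example, not code from PHP or from this advisory; it assumes the zip extension (ZipArchive) is available, and the helper names isUnsafeEntryName() and unsafeEntries() are hypothetical.

```php
<?php
// Added example, not PHP's or Kaspersky's code. isUnsafeEntryName() and
// unsafeEntries() are hypothetical helper names.

/** True if an archive entry name could resolve outside the target directory. */
function isUnsafeEntryName(string $name): bool
{
    $norm = str_replace('\\', '/', $name);          // treat "\" as a separator too
    if ($norm === '' || strpos($norm, "\0") !== false) {
        return true;                                 // empty or NUL-containing name
    }
    if ($norm[0] === '/' || preg_match('/^[A-Za-z]:/', $norm)) {
        return true;                                 // absolute path or drive letter
    }
    return in_array('..', explode('/', $norm), true); // any ".." path component
}

/** List the entries of a ZIP file that must not be extracted. */
function unsafeEntries(string $zipPath): array
{
    $zip = new ZipArchive();
    $rc = $zip->open($zipPath);
    if ($rc !== true) {
        throw new RuntimeException("cannot open $zipPath (ZipArchive code $rc)");
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || isUnsafeEntryName($name)) {
            $bad[] = $name === false ? "(unreadable entry #$i)" : $name;
        }
    }
    $zip->close();
    return $bad;
}

// Constructed sample names, not taken from any real archive.
$samples = ['docs/readme.txt', 'a..b/file..txt', '../outside.txt',
            'docs/../../outside.txt', '/abs/file.txt', 'docs\\..\\..\\x.txt'];
foreach ($samples as $name) {
    printf("%-26s %s\n", $name, isUnsafeEntryName($name) ? 'REJECT' : 'ok');
}

// With a real upload: refuse the archive if anything is flagged.
if ($argc > 1 && unsafeEntries($argv[1]) !== []) {
    fwrite(STDERR, "archive rejected: unsafe entry names\n");
    exit(1);
}
```

The check compares whole path components, so names such as a..b/file..txt pass while any entry with a .. component is refused, including ones that would stay inside the target directory.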

Primary source of detection

Related products

CVE list

  • CVE-2016-1904: critical
  • CVE-2016-1903: high
  • CVE-2015-8617: critical
  • CVE-2015-8616: critical
  • CVE-2015-6836: critical
  • CVE-2015-6833: warning
  • CVE-2015-6832: critical
  • CVE-2015-6831: critical
  • CVE-2015-6527: critical
  • CVE-2015-5590: critical
