• 英文漏洞报告解读(一)——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities


    ---------------------------------

    Nessus扫描报告

    -----------------------------------------------------
    ----------------------------------------------------------------------------------------------------------
    High
    PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
    Description
    According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities :
    - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
    By using a specially crafted color mapping, a remote attacker could cause a denial of service.
    (CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
    - An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
    - There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
    - A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
    - A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
    - There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
    (CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
    Solution
    Upgrade to PHP version 5.4.32 or later.
    ----------------------------------------

    漏洞报告中文对照:如有不妥之处欢迎指正

    ------------------------------------------------
    ------------------------------------------------------------------------------------------------------------------------------------------------
    漏洞标题:PHP 5.4.x <5.4.32多个漏洞
    漏洞类型:通用型
    漏洞等级:高危
    简要描述:
    根据其版本,不再支持在远程主机上安装PHP。
    缺乏支持意味着供应商不会发布该产品的新安全补丁。因此,它可能包含安全漏洞。
    详细细节:
    根据其标题,远程Web服务器在5.4.32之前运行PHP 5.4.x版本。因此,它受到以下漏洞的影响:
    - LibGD在'gdxpm.c'文件的'gdImageCreateFromXpm'函数中包含一个NULL指针解引用缺陷。
    通过使用特制的颜色映射,远程攻击者可能会导致拒绝服务。
    (CVE-2014-2497)
    - CVE-2013-7345 的原始上游补丁未提供完整的解决方案。因此,远程攻击者仍然可以部署特制的输入文件,以便在尝试使用awk正则表达式规则检测文件类型时使用过多的资源。这可能会导致拒绝服务。(CVE-2014-3538)
    - 'cdf.c'文件中存在整数溢出缺陷。通过使用特制的CDF文件,远程攻击者可能会导致拒绝服务。(CVE-2014-3587)
    - 'dns.c'文件中存在多个与'dns_get_record'和'dn_expand'函数相关的缓冲区溢出缺陷。通过使用特制的DNS记录,远程攻击者可以利用这些记录来导致拒绝服务或执行任意代码。(CVE-2014-3597)
    - 'spl_dllist.c'文件中存在一个缺陷,当在对象上进行迭代时,该缺陷可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4670)
    - 'spl_array.c'文件中存在一个缺陷,当在排序时处理对象的修改时,这可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4698)
    - 'gd_ctx.c'文件中的GD组件中存在多个缺陷,其中未正确验证用户提供的输入以确保路径名缺少%00序列。通过使用特制输入,远程攻击者可以覆盖任意文件。
    (CVE-2014-5120)
    修复方案:升级到PHP版本5.4.32或更高版本。
  • 相关阅读:
    Python_Note_08Day 9_HTML
    Python_Note_08Day 6_Bastion Host_Paramiko_SSH
    Python_Note_08Day 5_Module
    Python_Note_Day 11_Mysql02_Python MySQL API
    Python_Note_Day 11_Mysql
    Python_Data_Analysis_01
    485. Max Consecutive Ones
    498. Diagonal Traverse
    500. Keyboard Row
    481. Magical String
  • 原文地址:https://www.cnblogs.com/Erma/p/9585039.html
Copyright © 2020-2023  润新知