Nessus扫描报告
---------------------------------------------------------------------------------------------------------------------------------------------------------------
High
PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Description
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities :
- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file.
By using a specially crafted color mapping, a remote attacker could cause a denial of service.
(CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files.
(CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PHP version 5.4.32 or later.
----------------------------------------
漏洞报告中文对照:如有不妥之处欢迎指正
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
漏洞标题:PHP 5.4.x <5.4.32多个漏洞
漏洞类型:通用型
漏洞等级:高危
简要描述:
根据其版本,不再支持在远程主机上安装PHP。
缺乏支持意味着供应商不会发布该产品的新安全补丁。因此,它可能包含安全漏洞。
详细细节:
根据其标题,远程Web服务器在5.4.32之前运行PHP 5.4.x版本。因此,它受到以下漏洞的影响:
- LibGD在'gdxpm.c'文件的'gdImageCreateFromXpm'函数中包含一个NULL指针解引用缺陷。
通过使用特制的颜色映射,远程攻击者可能会导致拒绝服务。
(CVE-2014-2497)
- CVE-2013-7345 的原始上游补丁未提供完整的解决方案。因此,远程攻击者仍然可以部署特制的输入文件,以便在尝试使用awk正则表达式规则检测文件类型时使用过多的资源。这可能会导致拒绝服务。(CVE-2014-3538)
- 'cdf.c'文件中存在整数溢出缺陷。通过使用特制的CDF文件,远程攻击者可能会导致拒绝服务。(CVE-2014-3587)
- 'dns.c'文件中存在多个与'dns_get_record'和'dn_expand'函数相关的缓冲区溢出缺陷。通过使用特制的DNS记录,远程攻击者可以利用这些记录来导致拒绝服务或执行任意代码。(CVE-2014-3597)
- 'spl_dllist.c'文件中存在一个缺陷,当在对象上进行迭代时,该缺陷可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4670)
- 'spl_array.c'文件中存在一个缺陷,当在排序时处理对象的修改时,这可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4698)
- 'gd_ctx.c'文件中的GD组件中存在多个缺陷,其中未正确验证用户提供的输入以确保路径名缺少%00序列。通过使用特制输入,远程攻击者可以覆盖任意文件。
(CVE-2014-5120)
修复方案:升级到PHP版本5.4.32或更高版本。