英文漏洞报告解读(一)——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

---------------------------------

Nessus扫描报告

----------------------------------------------------- ---------------------------------------------------------------------------------------------------------- High PHP 5.4.x < 5.4.32 Multiple Vulnerabilities Description According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538) - An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587) - There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597) - A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670) - A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698) - There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number. Solution Upgrade to PHP version 5.4.32 or later. ----------------------------------------

漏洞报告中文对照:如有不妥之处欢迎指正

------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------------------ 漏洞标题:PHP 5.4.x <5.4.32多个漏洞 漏洞类型:通用型 漏洞等级:高危 简要描述: 根据其版本,不再支持在远程主机上安装PHP。 缺乏支持意味着供应商不会发布该产品的新安全补丁。因此,它可能包含安全漏洞。 详细细节: 根据其标题,远程Web服务器在5.4.32之前运行PHP 5.4.x版本。因此,它受到以下漏洞的影响: - LibGD在'gdxpm.c'文件的'gdImageCreateFromXpm'函数中包含一个NULL指针解引用缺陷。 通过使用特制的颜色映射,远程攻击者可能会导致拒绝服务。 (CVE-2014-2497) - CVE-2013-7345 的原始上游补丁未提供完整的解决方案。因此,远程攻击者仍然可以部署特制的输入文件,以便在尝试使用awk正则表达式规则检测文件类型时使用过多的资源。这可能会导致拒绝服务。(CVE-2014-3538) - 'cdf.c'文件中存在整数溢出缺陷。通过使用特制的CDF文件,远程攻击者可能会导致拒绝服务。(CVE-2014-3587) - 'dns.c'文件中存在多个与'dns_get_record'和'dn_expand'函数相关的缓冲区溢出缺陷。通过使用特制的DNS记录,远程攻击者可以利用这些记录来导致拒绝服务或执行任意代码。(CVE-2014-3597) - 'spl_dllist.c'文件中存在一个缺陷,当在对象上进行迭代时,该缺陷可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4670) - 'spl_array.c'文件中存在一个缺陷,当在排序时处理对象的修改时,这可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。(CVE-2014-4698) - 'gd_ctx.c'文件中的GD组件中存在多个缺陷,其中未正确验证用户提供的输入以确保路径名缺少%00序列。通过使用特制输入,远程攻击者可以覆盖任意文件。 (CVE-2014-5120) 修复方案:升级到PHP版本5.4.32或更高版本。

转载于:https://www.cnblogs.com/Erma/p/9585039.html

你可能感兴趣的:(英文漏洞报告解读(一)——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities)