Vigil@nce - PHP: five vulnerabilities
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE, pfSense, PHP,
Synology DS***, Synology RS***.
– Severity: 2/4.
– Creation date: 10/07/2015.
– Revision date: 10/07/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in PHP.
An unknown vulnerability was announced in the functions
escapeshell*. This may be related to an incomplete fix for
CVE-2015-4642 mentioned in VIGILANCE-VUL-17113. [severity:2/4;
69768]
An attacker can generate a buffer overflow in Phar::convertToDat,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 69958, CVE-2015-5589]
An attacker can generate a buffer overflow in phar_fix_filepath,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; 69923, CVE-2015-5590]
An attacker can force the usage of a freed memory area in
spl_recursive_it_move_forward_ex(), in order to trigger a denial
of service, and possibly to execute code. [severity:2/4; 69970]
An attacker can force the usage of a freed memory area in
sqlite3SafetyCheckSickOrOk(), in order to trigger a denial of
service, and possibly to execute code. [severity:2/4; 69972]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-five-vulnerabilities-17341