Reading English Vulnerability Reports (1): PHP 5.4.x < 5.4.32 Multiple Vulnerabilities


---------------------------------Nessus scan report-----------------------------------------------------
----------------------------------------------------------------------------------------------------------
High
PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Description
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities:
- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)
- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)
- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)
Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PHP version 5.4.32 or later.
----------------------------------------Chinese rendering of the vulnerability report: corrections welcome if anything is inaccurate------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------
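Vulnerability title: PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
Vulnerability type: Generic
Severity: High
Brief description:
According to its version, the PHP installation on the remote host is no longer supported.
Lack of support means the vendor will not release new security patches for the product. As a result, it may contain security vulnerabilities.
Details:
According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is therefore affected by the following vulnerabilities:
- LibGD contains a NULL pointer dereference flaw in the 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)
- The original upstream patch for CVE-2013-7345 did not provide a complete solution. A remote attacker can therefore still deploy a specially crafted input file that causes excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)
- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)
- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)
- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could use this to cause a denial of service. (CVE-2014-4670)
- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could use this to cause a denial of service. (CVE-2014-4698)
- There are multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)
Remediation: Upgrade to PHP version 5.4.32 or later.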
