英文漏洞报告解读（一）——PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

---------------------------------

Nessus扫描报告

----------------------------------------------------- ---------------------------------------------------------------------------------------------------------- High PHP 5.4.x < 5.4.32 Multiple Vulnerabilities Description According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538) - An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587) - There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597) - A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670) - A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698) - There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number. Solution Upgrade to PHP version 5.4.32 or later. ----------------------------------------

漏洞报告中文对照：如有不妥之处欢迎指正

------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------------------ 漏洞标题：PHP 5.4.x <5.4.32多个漏洞 漏洞类型：通用型 漏洞等级：高危 简要描述： 根据其版本，不再支持在远程主机上安装PHP。 缺乏支持意味着供应商不会发布该产品的新安全补丁。因此，它可能包含安全漏洞。 详细细节： 根据其标题，远程Web服务器在5.4.32之前运行PHP 5.4.x版本。因此，它受到以下漏洞的影响： - LibGD在'gdxpm.c'文件的'gdImageCreateFromXpm'函数中包含一个NULL指针解引用缺陷。 通过使用特制的颜色映射，远程攻击者可能会导致拒绝服务。 （CVE-2014-2497） - CVE-2013-7345 的原始上游补丁未提供完整的解决方案。因此，远程攻击者仍然可以部署特制的输入文件，以便在尝试使用awk正则表达式规则检测文件类型时使用过多的资源。这可能会导致拒绝服务。（CVE-2014-3538） - 'cdf.c'文件中存在整数溢出缺陷。通过使用特制的CDF文件，远程攻击者可能会导致拒绝服务。（CVE-2014-3587） - 'dns.c'文件中存在多个与'dns_get_record'和'dn_expand'函数相关的缓冲区溢出缺陷。通过使用特制的DNS记录，远程攻击者可以利用这些记录来导致拒绝服务或执行任意代码。（CVE-2014-3597） - 'spl_dllist.c'文件中存在一个缺陷，当在对象上进行迭代时，该缺陷可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。（CVE-2014-4670） - 'spl_array.c'文件中存在一个缺陷，当在排序时处理对象的修改时，这可能导致SPL组件中的释放后使用条件。攻击者可以利用此漏洞导致拒绝服务。（CVE-2014-4698） - 'gd_ctx.c'文件中的GD组件中存在多个缺陷，其中未正确验证用户提供的输入以确保路径名缺少％00序列。通过使用特制输入，远程攻击者可以覆盖任意文件。 （CVE-2014-5120） 修复方案：升级到PHP版本5.4.32或更高版本。

转载于:https://www.cnblogs.com/Erma/p/9585039.html