PHP 5.4.x buffer overflow, reading an English vulnerability report (part 1): PHP 5.4.x < 5.4.32 Multiple Vulnerabilities...

Nessus scan report -----------------------------------------------------

----------------------------------------------------------------------------------------------------------

High

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

Description

According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities:

- LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

- A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670)

- A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698)

- There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 5.4.32 or later.

----------------------------------------

Chinese translation of the vulnerability report (corrections welcome) ------------------------------------------------

------------------------------------------------------------------------------------------------------------------------------------------------

Title: PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

Vulnerability type: generic

Severity: High

Summary:

According to its version, the installation of PHP on the remote host is no longer supported.

Lack of support means the vendor will not release new security patches for the product. It is therefore likely to contain security vulnerabilities.

Details:

According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is therefore affected by the following vulnerabilities:

- LibGD contains a NULL pointer dereference flaw in the 'gdImageCreateFromXpm' function of the 'gdxpm.c' file. Using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497)

- The original upstream patch for CVE-2013-7345 did not provide a complete fix. A remote attacker can therefore still supply a specially crafted input file that consumes excessive resources while the file type is being detected with awk regular-expression rules. This can cause a denial of service. (CVE-2014-3538)

- An integer overflow flaw exists in the 'cdf.c' file. Using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587)

- There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. Using a specially crafted DNS record, a remote attacker could exploit these flaws to cause a denial of service or execute arbitrary code. (CVE-2014-3597)

- A flaw in the 'spl_dllist.c' file may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could use this to cause a denial of service. (CVE-2014-4670)

- A flaw in the 'spl_array.c' file may lead to a use-after-free condition in the SPL component when an object is modified while it is being sorted. An attacker could use this to cause a denial of service. (CVE-2014-4698)

- There are multiple flaws in the GD component in the 'gd_ctx.c' file, where user-supplied input is not properly validated to ensure that pathnames contain no %00 sequences. Using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120)
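The CVE-2014-3597 item describes the classic shape of a DNS-parsing memory bug: length fields and compression pointers read from the response are trusted when record data is copied. The following Python parser is an added example, written for this page and taken neither from PHP's ext/standard/dns.c nor from the original post, that shows the checks such a parser needs: every read bounded by the packet length, rdlength validated before slicing, each TXT string length validated against the rdata, and compression pointers required to point strictly backward so a self-pointer or cycle cannot loop. The four sample packets (one well-formed TXT answer and three crafted ones) and the example.com question are constructed inline; record types and offsets are assumptions for the illustration.

```python
"""Bounds-checked DNS answer parsing, added to illustrate the CVE-2014-3597 bug
class; example code, not PHP's ext/standard/dns.c."""
from __future__ import annotations

import struct

TYPE_TXT = 16


class MalformedResponse(ValueError):
    """Raised instead of reading outside the packet buffer."""


def expand_name(pkt: bytes, offset: int) -> tuple[str, int]:
    """dn_expand-style name decoding. Returns (name, offset after the name in the
    caller's stream); a compression pointer must point strictly backward."""
    labels, pos, resume = [], offset, None
    while True:
        if pos >= len(pkt):
            raise MalformedResponse("name runs past end of packet")
        length = pkt[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if pos + 1 >= len(pkt):
                raise MalformedResponse("truncated compression pointer")
            target = ((length & 0x3F) << 8) | pkt[pos + 1]
            if target >= pos:                           # rejects self-pointers and cycles
                raise MalformedResponse("compression pointer not backward")
            if resume is None:
                resume = pos + 2                       # caller continues after the pointer
            pos = target
            continue
        if length == 0:                                 # root label ends the name
            pos += 1
            break
        if pos + 1 + length > len(pkt):
            raise MalformedResponse("label runs past end of packet")
        labels.append(pkt[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels) or ".", (pos if resume is None else resume)


def parse_txt(rdata: bytes) -> list[str]:
    """TXT rdata is a run of <len><chars> strings; each len must fit in rdata."""
    out, pos = [], 0
    while pos < len(rdata):
        n = rdata[pos]
        if pos + 1 + n > len(rdata):
            raise MalformedResponse("TXT string length exceeds rdata")
        out.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return out


def parse_answers(pkt: bytes) -> list[dict]:
    """Walk the question and answer sections, validating rdlength before slicing."""
    if len(pkt) < 12:
        raise MalformedResponse("header truncated")
    qdcount, ancount = struct.unpack("!HH", pkt[4:8])
    pos = 12
    for _ in range(qdcount):
        _, pos = expand_name(pkt, pos)
        if pos + 4 > len(pkt):
            raise MalformedResponse("question truncated")
        pos += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, pos = expand_name(pkt, pos)
        if pos + 10 > len(pkt):
            raise MalformedResponse("RR header truncated")
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        if pos + rdlength > len(pkt):
            raise MalformedResponse("rdlength exceeds packet")
        rec = {"name": name, "type": rtype, "ttl": ttl}
        if rtype == TYPE_TXT:
            rec["txt"] = parse_txt(pkt[pos:pos + rdlength])
        pos += rdlength
        answers.append(rec)
    return answers


def classify(pkt: bytes) -> str:
    try:
        parse_answers(pkt)
        return "ok"
    except MalformedResponse as exc:
        return str(exc)


def build_response(rdata: bytes, rdlength: int | None = None, self_pointer: bool = False) -> bytes:
    """Constructed sample: one TXT question for example.com and one TXT answer whose
    owner name points to the question name (offset 12) or, if self_pointer, to itself."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_TXT, 1)
    rr_offset = len(header) + len(question)             # 29
    owner = struct.pack("!H", 0xC000 | (rr_offset if self_pointer else 12))
    rdlength = len(rdata) if rdlength is None else rdlength
    return header + question + owner + struct.pack("!HHIH", TYPE_TXT, 1, 300, rdlength) + rdata


# Constructed inputs: one well-formed answer and three crafted ones.
GOOD = build_response(b"\x0bv=spf1 -all")
BAD_TXT_LEN = build_response(b"\x40abc")                 # claims 64 chars, carries 3
BAD_RDLENGTH = build_response(b"\x03abc", rdlength=500)  # rdlength beyond the packet
SELF_POINTER = build_response(b"\x03abc", self_pointer=True)
```

Each crafted packet produces a rejection from `classify` rather than a read beyond the buffer. In C the equivalent is comparing the cursor plus the claimed length against the end of the response buffer before every copy; the checks that are easy to forget are exactly the ones in `parse_txt` and the `rdlength` test, because those lengths come from the attacker's record, not from the local buffer.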

Remediation: upgrade to PHP version 5.4.32 or later.
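The report's note that Nessus relied only on the application's self-reported version number is the practical point of this kind of plugin. The following Python script is an added example (not Nessus plugin code and not from the original post) that reproduces the banner comparison against 5.4.32 and shows the two cases the banner alone cannot settle: a server with expose_php turned off reports nothing, and a distribution build with a Debian-style version string keeps an old upstream version number while carrying backported fixes, so it has to be checked against the vendor's advisory rather than the number. All response heads are constructed samples, not captures from real hosts.

```python
"""Banner-only PHP version check of the kind behind this Nessus finding.
Added example, not Nessus plugin code; the sample responses are constructed."""
from __future__ import annotations

import re

FIXED_IN = (5, 4, 32)
# "PHP/5.4.4-14+deb7u14" -> (5, 4, 4, "-14+deb7u14"); the suffix marks a vendor build
BANNER_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;()]*)")


def parse_head(raw: str) -> dict[str, str]:
    """Status line plus headers -> dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def php_version(headers: dict[str, str]) -> tuple[int, int, int, str] | None:
    """Version from X-Powered-By (set when expose_php=On) or a Server token, else None."""
    for key in ("x-powered-by", "server"):
        m = BANNER_RE.search(headers.get(key, ""))
        if m:
            return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)
    return None


def assess(raw: str) -> str:
    """Apply the 5.4.x < 5.4.32 rule to one HTTP response head."""
    ver = php_version(parse_head(raw))
    if ver is None:
        return "unknown"              # expose_php=Off or banner stripped: no evidence either way
    major, minor, patch, suffix = ver
    if (major, minor) != (5, 4):
        return "out-of-scope"         # other branches have their own fixed versions
    if (major, minor, patch) >= FIXED_IN:
        return "patched"
    if suffix:                        # vendor builds often backport fixes under the old number
        return "flagged, vendor build: verify backports"
    return "flagged"


# Constructed response heads (not captured from real hosts).
SAMPLES = {
    "upstream 5.4.31": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.10\r\nX-Powered-By: PHP/5.4.31\r\n\r\n",
    "debian-style":    "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Debian)\r\nX-Powered-By: PHP/5.4.4-14+deb7u14\r\n\r\n",
    "upstream 5.4.32": "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/5.4.32\r\n\r\n",
    "server token":    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.10 (Unix) PHP/5.4.45\r\n\r\n",
    "expose_php off":  "HTTP/1.1 200 OK\r\nServer: nginx/1.6.2\r\n\r\n",
    "5.5 branch":      "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/5.5.10\r\n\r\n",
}


def run_samples() -> dict[str, str]:
    return {label: assess(head) for label, head in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:16} {verdict}")
```

The "unknown" verdict is as important as "flagged": turning expose_php off hides the version from this check but changes nothing about the code that is running, so an "unknown" host needs an authenticated check of the installed package, and a "flagged, vendor build" host needs the distribution's changelog for the CVEs listed above before it is counted as vulnerable or fixed.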

Original: https://www.cnblogs.com/Erma/p/9585039.html
