Rapid7 VulnDB

ELSA-2014-1013 Moderate: Oracle Linux php security update

Back to Search

ELSA-2014-1013 Moderate: Oracle Linux php security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
07/09/2014
Created
07/25/2018
Added
08/08/2014
Modified
04/11/2019

Description

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

Solution(s)

  • oracle-linux-upgrade-php
  • oracle-linux-upgrade-php-bcmath
  • oracle-linux-upgrade-php-cli
  • oracle-linux-upgrade-php-common
  • oracle-linux-upgrade-php-dba
  • oracle-linux-upgrade-php-devel
  • oracle-linux-upgrade-php-embedded
  • oracle-linux-upgrade-php-enchant
  • oracle-linux-upgrade-php-fpm
  • oracle-linux-upgrade-php-gd
  • oracle-linux-upgrade-php-intl
  • oracle-linux-upgrade-php-ldap
  • oracle-linux-upgrade-php-mbstring
  • oracle-linux-upgrade-php-mysql
  • oracle-linux-upgrade-php-mysqlnd
  • oracle-linux-upgrade-php-odbc
  • oracle-linux-upgrade-php-pdo
  • oracle-linux-upgrade-php-pgsql
  • oracle-linux-upgrade-php-process
  • oracle-linux-upgrade-php-pspell
  • oracle-linux-upgrade-php-recode
  • oracle-linux-upgrade-php-snmp
  • oracle-linux-upgrade-php-soap
  • oracle-linux-upgrade-php-xml
  • oracle-linux-upgrade-php-xmlrpc

References

  • oracle-linux-upgrade-php
  • oracle-linux-upgrade-php-bcmath
  • oracle-linux-upgrade-php-cli
  • oracle-linux-upgrade-php-common
  • oracle-linux-upgrade-php-dba
  • oracle-linux-upgrade-php-devel
  • oracle-linux-upgrade-php-embedded
  • oracle-linux-upgrade-php-enchant
  • oracle-linux-upgrade-php-fpm
  • oracle-linux-upgrade-php-gd
  • oracle-linux-upgrade-php-intl
  • oracle-linux-upgrade-php-ldap
  • oracle-linux-upgrade-php-mbstring
  • oracle-linux-upgrade-php-mysql
  • oracle-linux-upgrade-php-mysqlnd
  • oracle-linux-upgrade-php-odbc
  • oracle-linux-upgrade-php-pdo
  • oracle-linux-upgrade-php-pgsql
  • oracle-linux-upgrade-php-process
  • oracle-linux-upgrade-php-pspell
  • oracle-linux-upgrade-php-recode
  • oracle-linux-upgrade-php-snmp
  • oracle-linux-upgrade-php-soap
  • oracle-linux-upgrade-php-xml
  • oracle-linux-upgrade-php-xmlrpc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;