CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 permite a servidores FTP remotos ejecutar código arbitrario a través de una respuesta larga para un comando LIST, encabezando un desbordamiento de buffer basado en memoria dinámica. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-4022. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 http://openwall.com/lists/oss-security/2015/06/18/6 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.debian.org/security/2015/dsa-3344 http://www.oracle.com/technetwork/topics/security/lin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2015-4603 – php: exception:: getTraceAsString type confusion issue after unserialize
https://notcve.org/view.php?id=CVE-2015-4603
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. La función exception::getTraceAsString en Zend/zend_exceptions.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacantes remotos ejecutar código arbitrario a través de un tipo de dato no esperado, relacionado con un caso "type confusion" . A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75252 http://www.securitytracker.com/id/1032709 https://bugs.php. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2015-4604 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4604
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mget en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8, no mantiene correctamente una cierta relación de puntero, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a traves de una cadena manipulada que no es manejada correctamente por una regla "secuencia de comandos de texto ejecutable de Python". • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75241 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •
CVE-2015-4605 – php: denial of service when processing a crafted file with Fileinfo
https://notcve.org/view.php?id=CVE-2015-4605
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. La función mcopy en softmagic.c en file 5.x, tal como se utiliza en el componente Fileinfo en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8, no restringe correctamente un cierto valor de desplazamiento, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una cadena manipulada que no es manejada correctamente por una regla "secuencia de comandos de texto ejecutable de Python". • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f938112c495b0d26572435c0be73ac0bfe642ecd http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75233 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •
CVE-2015-4601 – php: type confusion issue in unserialize() with various SOAP methods
https://notcve.org/view.php?id=CVE-2015-4601
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. PHP en versiones anteriores a 5.6.7 podría permitir a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecuar código arbitrario a través de un tipo de dato no esperado, relacionado con casos "type confusion" en (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c y (3) ext/soap/soap.c, un caso diferente a CVE-2015-4600. Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0c136a2abd49298b66acb0cad504f0f972f5bfe8 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75246 http://www.securitytracker.com/id/1032709 https://access.redhat.com/security/cve/CVE • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •