Summary
Check the version of php5
Solution
Please Install the Updated Packages.
Insight
Symeon Paraschoudis discovered that PHP
incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710)
It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number)
Affected
php5 on Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS
Detection
Get the installed version with the help of
detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities