Title: Nessus report: PHP 5.3.6 vulnerable
Posted by: Megan on 19 August 2011, 06:49 am

Good evening, I ran a scan with Nessus and it produced the following result.

Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description: According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6.
- A NULL pointer can be dereferenced in the function '_zip_name_locate()' when processing empty archives and can lead to application crashes or code execution. Exploitation requires the 'ZIPARCHIVE::FL_UNCHANGED' setting to be in use. (CVE-2011-0421)
- A variable casting error exists in the Exif extension which can allow denial of service attacks when handling crafted 'Image File Directory' (IFD) header values in the PHP function 'exif_read_data()'. Exploitation requires a 64bit system and a config setting 'memory_limit' above 4GB or unlimited. (CVE-2011-0708)
- An integer overflow vulnerability exists in the implementation of the PHP function 'shmop_read()' and can allow arbitrary code execution. (CVE-2011-1092)
- Errors exist in the file 'phar/phar_object.c' in which calls to 'zend_throw_exception_ex()' pass data as a string format parameter. This can lead to memory corruption when handling PHP archives (phar). (CVE-2011-1153)
- A buffer overflow error exists in the C function 'xbuf_format_converter' when the PHP configuration value for 'precision' is set to a large value and can lead to application crashes. (CVE-2011-1464)
- An integer overflow error exists in the C function 'SdnToJulian()' in the Calendar extension and can lead to application crashes. (CVE-2011-1466)
- An unspecified error exists in the implementation of the PHP function 'numfmt_set_symbol()' and PHP method 'NumberFormatter::setSymbol()' in the Intl extension. This error can lead to application crashes. (CVE-2011-1467)
- Multiple memory leaks exist in the OpenSSL extension in the PHP functions 'openssl_encrypt' and 'openssl_decrypt'. (CVE-2011-1468)
- An unspecified error exists in the Streams component when accessing FTP URLs with an HTTP proxy. (CVE-2011-1469)
- An integer signedness error and an unspecified error exist in the Zip extension and can lead to denial of service via certain ziparchive streams. (CVE-2011-1470, CVE-2011-1471)
- An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the 'FastCGI Process Manager' (FPM) SAPI.

Solution: Upgrade to PHP 5.3.6 or later.

See Also:
http://bugs.php.net/bug.php?id=54193
http://bugs.php.net/bug.php?id=54055
http://bugs.php.net/bug.php?id=53885
http://bugs.php.net/bug.php?id=53574
http://bugs.php.net/bug.php?id=53512
http://bugs.php.net/bug.php?id=54060
http://bugs.php.net/bug.php?id=54061
http://bugs.php.net/bug.php?id=54092
http://bugs.php.net/bug.php?id=53579
http://bugs.php.net/bug.php?id=49072
http://openwall.com/lists/oss-security/2011/02/14/1
http://www.php.net/releases/5_3_6.php
http://www.rooibo.com/2011/03/12/integer-overflow-en-php-2/

Risk Factor: High
CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin Output:
Version source : X-Powered-By: PHP/5.3.5
Installed version : 5.3.5
Fixed version : 5.3.6

CVE: CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1464 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470
BID: 46354 46365 46786 46854
Xref: OSVDB:71597 OSVDB:71598 OSVDB:72531 OSVDB:72532 OSVDB:72533 OSVDB:73623 OSVDB:73624 OSVDB:73625 OSVDB:73626 OSVDB:73754 OSVDB:73755 EDB-ID:16261 Secunia:43328

Vulnerability Publication Date: 2011/02/14
Patch Publication Date: 2011/03/17
Plugin Publication Date: 2011/03/18
Plugin Last Modification Date: 2011/08/03

The problem is that when I try to look for an exploit, I don't find one in the Metasploit or exploit-db database. My question is: can it be looked up in Metasploit by CVE? Could you help me, please? Thank you very much.

Title: Re: Nessus report: PHP 5.3.6 vulnerable
Posted by: Ivanchuk on 21 August 2011, 14:36 pm

Do a grep inside modules/

For example, if you want to search for CVE-2011-0421:
Code:

Regards
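The grep approach from the reply above, as an added example that is not from the thread or from the Metasploit project. It builds a constructed stand-in for a modules/ tree (hypothetical module file names) and shows the one caveat that matters: Metasploit module files record references as ['CVE', 'YYYY-NNNN'], not as the literal string CVE-YYYY-NNNN that Nessus prints, so a plain grep for the Nessus form can miss a module that does exist.

```shell
#!/bin/sh
# Added example (not from the thread): search a Metasploit-style modules/ tree
# for a CVE the way a module file actually records it. Module files list
# references as ['CVE', 'YYYY-NNNN'], not as the literal string CVE-YYYY-NNNN,
# so a plain grep for the Nessus form can miss an existing module.
set -eu

# What the reply suggests: grep the literal CVE-YYYY-NNNN string under $1.
plain_grep_for_cve() {
    grep -rl "CVE-$2" "$1" 2>/dev/null || true
}

# Match both the Metasploit reference form ['CVE', 'YYYY-NNNN'] and the plain form.
find_modules_for_cve() {
    grep -rlE "(\['CVE', *'$2'\]|CVE-$2)" "$1" 2>/dev/null || true
}

# Constructed stand-in tree with hypothetical module names (not real Metasploit
# modules); only the 'References' array layout mirrors real module files.
make_sample_tree() {
    mkdir -p "$1/exploits/multi/http" "$1/auxiliary/scanner/http"
    cat > "$1/exploits/multi/http/sample_zip_poc.rb" <<'EOF'
      'References' =>
        [
          ['CVE', '2011-0421'],
          ['URL', 'http://www.php.net/releases/5_3_6.php']
        ],
EOF
    cat > "$1/auxiliary/scanner/http/sample_version_check.rb" <<'EOF'
      'References' => [ ['CVE', '2011-1092'] ],
EOF
}

# Read CVE ids (YYYY-NNNN, one per line) from stdin and print how many have at
# least one module under $1: a quick way to see which Nessus findings already
# have a public module when deciding how urgently to schedule the upgrade.
count_cves_with_modules() {
    n=0
    while read -r id; do
        [ -n "$(find_modules_for_cve "$1" "$id")" ] && n=$((n + 1))
    done
    echo "$n"
}
```

Current msfconsole can do the same lookup from inside the console with `search cve:2011-0421`, which reads the same 'References' entries.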