Vulnerability Name: CVE-2016-5399

Assigned: 2016-06-10
Published: 2016-07-18
Updated: 2018-01-13
Summary: The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVSS v3 Severity:7.8 High (CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.0 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.3 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.6 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
8.1 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-787
CWE-390
References:Source: MISC
Type: VENDOR_ADVISORY
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html

Source: CONFIRM
Type: VENDOR_ADVISORY
http://php.net/ChangeLog-5.php

Source: CONFIRM
Type: VENDOR_ADVISORY
http://php.net/ChangeLog-7.php

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2598

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2750

Source: FULLDISC
Type: VENDOR_ADVISORY
20160725 CVE-2016-5399: php: out-of-bounds write in bzread()

Source: DEBIAN
Type: UNKNOWN
DSA-3631

Source: MLIST
Type: VENDOR_ADVISORY
[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()

Source: BUGTRAQ
Type: VENDOR_ADVISORY
20160721 CVE-2016-5399: php: out-of-bounds write in bzread()

Source: BID
Type: VENDOR_ADVISORY
92051

Source: SECTRACK
Type: VENDOR_ADVISORY
1036430

Source: CONFIRM
Type: VENDOR_ADVISORY
https://bugs.php.net/bug.php?id=72613

Source: CONFIRM
Type: VENDOR_ADVISORY
https://bugzilla.redhat.com/show_bug.cgi?id=1358395

Source: XF
Type: UNKNOWN
php-cve20165399-code-exec(115332)

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20180112-0001/

Source: EXPLOIT-DB
Type: VENDOR_ADVISORY
40155

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:5.5.37:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.12:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.13:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.14:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.15:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.16:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.17:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.18:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.19:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.20:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.21:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.22:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.23:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.9:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:php:php:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.23:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.37:*:*:*:*:*:*:*
  • AND
  • cpe:/h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20165399 | V | CVE-2016-5399 | 2018-01-23
    oval:com.ubuntu.precise:def:20165399000 | V | CVE-2016-5399 on Ubuntu 12.04 LTS (precise) - medium. | 2017-04-21
    oval:com.ubuntu.trusty:def:20165399000 | V | CVE-2016-5399 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-04-21
    oval:com.ubuntu.xenial:def:20165399000 | V | CVE-2016-5399 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-04-21
    oval:com.redhat.rhsa:def:20162598 | P | RHSA-2016:2598: php security and bug fix update (Moderate) | 2016-11-03
    oval:org.cisecurity:def:1009 | P | DSA-3631-1 -- php5 -- security update | 2016-09-16
    php php 5.5.37
    php php 5.6.0 alpha1
    php php 5.6.0 alpha2
    php php 5.6.0 alpha3
    php php 5.6.0 alpha4
    php php 5.6.0 alpha5
    php php 5.6.0 beta1
    php php 5.6.0 beta2
    php php 5.6.0 beta3
    php php 5.6.0 beta4
    php php 5.6.1
    php php 5.6.2
    php php 5.6.3
    php php 5.6.4
    php php 5.6.5
    php php 5.6.6
    php php 5.6.7
    php php 5.6.8
    php php 5.6.9
    php php 5.6.10
    php php 5.6.11
    php php 5.6.12
    php php 5.6.13
    php php 5.6.14
    php php 5.6.15
    php php 5.6.16
    php php 5.6.17
    php php 5.6.18
    php php 5.6.19
    php php 5.6.20
    php php 5.6.21
    php php 5.6.22
    php php 5.6.23
    php php 7.0.0
    php php 7.0.1
    php php 7.0.2
    php php 7.0.3
    php php 7.0.4
    php php 7.0.5
    php php 7.0.6
    php php 7.0.7
    php php 7.0.8
    php php 7.0.9
    redhat enterprise_linux 7