Vulnerability CVE-2015-4025

Vulnerability Name:

CVE-2015-4025 (CCN-103514)

Assigned:

2015-04-10

Published:

2015-04-10

Updated:

2019-04-22

Summary:

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.
Note: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-19
CWE-626

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2015-4025

Source: APPLE
Type: UNKNOWN
APPLE-SA-2015-08-13-2

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-8281

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-8383

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-8370

Source: CONFIRM
Type: Patch
http://php.net/ChangeLog-5.php

Source: CCN
Type: PHP Web site
Version 5.6.9

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1135

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1186

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1187

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1219

Source: DEBIAN
Type: UNKNOWN
DSA-3280

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: BID
Type: UNKNOWN
74904

Source: CCN
Type: BID-74904
PHP NULL Character CVE-2015-4025 Incomplete Fix Multiple Security Bypass Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1032431

Source: CONFIRM
Type: Patch, Vendor Advisory
https://bugs.php.net/bug.php?id=69418

Source: XF
Type: UNKNOWN
php-cve20154025-sec-bypass(103514)

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT205031

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-4025

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.10.4)

Configuration 2:

cpe:/a:php:php:5.4.39:*:*:*:*:*:*:*

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.40)

OR cpe:/a:php:php:5.5.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha1:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha2:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha3:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha4:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha5:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:alpha6:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.18:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.19:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.20:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.21:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.22:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.23:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.24:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*

Configuration 3:

cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20154025	V	CVE-2015-4025	2022-05-20
oval:org.opensuse.security:def:39476	P	Security update for speex (Moderate)	2021-11-19
oval:org.opensuse.security:def:13957	P	libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14025	P	rpcbind-0.2.3-21.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14272	P	libplist3-1.12-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14073	P	zoo-2.10-1020.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14283	P	libquicktime0-1.2.4-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14091	P	autofs-5.0.9-27.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14296	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13927	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14110	P	ctags-5.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14934	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14203	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14956	P	libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14228	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13935	P	libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:17061	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17095	P	bash-lang-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17180	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17237	P	gnome-online-accounts-3.20.5-9.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17268	P	libosip2-3.5.0-20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17053	P	gimp-2.8.10-1.164 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:38724	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:38796	P	Security update for curl (Moderate)	2020-12-21
oval:org.opensuse.security:def:17335	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17343	P	libgstfft-1_0-0-32bit-1.8.3-13.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17377	P	libzzip-0-13-0.13.67-10.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17304	P	PackageKit-gstreamer-plugin-1.1.3-24.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:38167	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17819	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:17446	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:17586	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:38269	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18457	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:38752	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17696	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:38327	P	libmspack0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18483	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:37934	P	libospf0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17728	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:38417	P	minicom on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39434	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:17503	P	Security update for compat-openssl098 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38577	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17515	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:37935	P	libotr5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38636	P	libQt5Concurrent5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17462	P	Security update for compat-openssl098 (Important)	2020-12-01
oval:org.opensuse.security:def:17537	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:37946	P	libproxy1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17785	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:17519	P	Security update for python, python-base, python-doc (Moderate)	2020-12-01
oval:org.opensuse.security:def:18175	P	Security update for libwpd (Important)	2020-12-01
oval:org.opensuse.security:def:38030	P	perl-XML-LibXML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17797	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:38685	P	libjavascriptcoregtk-3_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17414	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:17550	P	Security update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:18201	P	Security update for php5 (Moderate)	2020-12-01
oval:org.cisecurity:def:250	P	DSA-3280-1 -- php5 -- security update	2016-02-08
oval:com.redhat.rhsa:def:20151135	P	RHSA-2015:1135: php security and bug fix update (Important)	2015-06-23
oval:com.ubuntu.precise:def:20154025000	V	CVE-2015-4025 on Ubuntu 12.04 LTS (precise) - low.	2015-06-09
oval:com.ubuntu.trusty:def:20154025000	V	CVE-2015-4025 on Ubuntu 14.04 LTS (trusty) - low.	2015-06-09

BACK