Vulnerability Name: CVE-2015-4604 (CCN-104116)

Assigned: 2015-04-16
Published: 2015-04-16
Updated: 2019-04-22
Summary: The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2015-4604

Source: CONFIRM
Type: UNKNOWN
http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

Source: CONFIRM
Type: UNKNOWN
http://php.net/ChangeLog-5.php

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1135

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1186

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1187

Source: MLIST
Type: UNKNOWN
[oss-security] 20150616 Re: CVE Request: various issues in PHP

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: CCN
Type: PHP Web Site
PHP

Source: BID
Type: UNKNOWN
75241

Source: CCN
Type: BID-75241
PHP libmagick 'libmagic/softmagic.c' Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032709

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=68819

Source: CCN
Type: Red Hat Bugzilla – Bug 1213442
(CVE-2015-4604, CVE-2015-4605) CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo

Source: XF
Type: UNKNOWN
php-cve20154604-dos(104116)

Source: CCN
Type: IBM Security Bulletin 5098669
Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-4604

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.39)
  • OR cpe:/a:php:php:5.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.12:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.14:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.15:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.16:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.17:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.18:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.19:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.20:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.21:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.22:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.23:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.4.41:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.25:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:flex_system_manager:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.3.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20154604 | V | CVE-2015-4604 | 2022-05-20
oval:com.ubuntu.precise:def:20154604000 | V | CVE-2015-4604 on Ubuntu 12.04 LTS (precise) - low. | 2016-05-16
oval:com.ubuntu.xenial:def:201546040000000 | V | CVE-2015-4604 on Ubuntu 16.04 LTS (xenial) - low. | 2016-05-16
oval:com.ubuntu.trusty:def:20154604000 | V | CVE-2015-4604 on Ubuntu 14.04 LTS (trusty) - low. | 2016-05-16
oval:com.ubuntu.xenial:def:20154604000 | V | CVE-2015-4604 on Ubuntu 16.04 LTS (xenial) - low. | 2016-05-16
oval:com.redhat.rhsa:def:20151135 | P | RHSA-2015:1135: php security and bug fix update (Important) | 2015-06-23