Vulnerability Name: CVE-2015-7804 (CCN-106903)

Assigned: 2015-10-05
Published: 2015-10-05
Updated: 2016-12-07
Summary: Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
Per Advisory (http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html): The attack can lead to remote code execution
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2015-7804

Source: CONFIRM
Type: UNKNOWN
http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2015-12-08-3

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0251

Source: CCN
Type: PHP Web site
Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/")

Source: CCN
Type: RHSA-2016-0457
Moderate: rh-php56-php security update

Source: DEBIAN
Type: UNKNOWN
DSA-3380

Source: MLIST
Type: UNKNOWN
[oss-security] 20151005 CVE request: issues fixed in PHP 5.6.14 and 5.5.30

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php

Source: BID
Type: UNKNOWN
76959

Source: CCN
Type: BID-76959
PHP PHAR Multiple Denial of Service Vulnerabilities

Source: SLACKWARE
Type: UNKNOWN
SSA:2016-034-04

Source: UBUNTU
Type: UNKNOWN
USN-2786-1

Source: CONFIRM
Type: Vendor Advisory
https://bugs.php.net/bug.php?id=70433

Source: XF
Type: UNKNOWN
php-pharmakedirstream-dos(106903)

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT205637

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.11.1)

Configuration 2:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.5.29)
  • OR cpe:/a:php:php:5.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.12:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.13:-:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:5.5.29:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20157804 | V | CVE-2015-7804 | 2017-03-20
oval:org.cisecurity:def:292 | P | DSA-3380-1 php5 -- security update | 2016-02-08
oval:com.ubuntu.precise:def:20157804000 | V | CVE-2015-7804 on Ubuntu 12.04 LTS (precise) - low. | 2015-12-11
oval:com.ubuntu.trusty:def:20157804000 | V | CVE-2015-7804 on Ubuntu 14.04 LTS (trusty) - low. | 2015-12-11