2013-12-03

I have a web server that needs to pass a PCI compliance scan by ControlScan. Everything is good except for a scan they did of the PHP version. I believe I have the latest version that CentOS provides. Here's what they had to say:

THREAT REFERENCE

Summary:
vulnerable PHP version: 5.2.6

Risk: High (3)
Port: 80/tcp
Protocol: tcp
Threat ID: web_prog_php_version

Details: "php_quot_print_encode()" Buffer Overflow Vulnerability

06/10/13
CVE 2013-2110
PHP before 5.4.16 and 5.3.26 is prone to a vulnerability,
which can be exploited to execute arbitrary code.
The vulnerability is caused due to an error within the "php_quot_print_encode()" function
when parsing passed strings, which can be exploited to cause a heap-based buffer overflow.

PHP Unserialized Function Denial Of Service Vulnerability

03/20/13
CVE 2009-4418
PHP 5.3.0 and prior are prone to a vulnerability,
which can be exploited by malicious people to cause a denial of service.
The vulnerability is caused via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.

Vulnerability Fixed in 5.3.4

03/19/13
CVE 2006-7243
PHP version before 5.3.4 is prone to a security bypass vulnerability. Successful exploit could allow malicious people to bypass certain security restrictions by placing a safe file extension after \0 character in a pathname.

Two Vulnerabilities Fixed in PHP 5.3.22 and 5.4.13

03/13/13
CVE 2013-1635
CVE 2013-1643
PHP versions before 5.3.22 and 5.4.x before 5.4.13 are prone to two vulnerabilities:

ext/soap/soap.c does not validate the relationship between soap.wsdl_cache_dir directive and open_basedir. The vulnerability could allow remote attackers to bypass access restrictions.
allows remote attackers to read arbitrary files while parsing a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference.

PHP 5.3.15 and 5.4.5 Fixed Potential Overflow

09/17/12
CVE 2012-2688
PHP before 5.3.15 and 5.4.x before 5.4.5 has unspecified vulnerability in the _php_stream_scandir function which has unknown impact and remote attack vectors, related to an "overflow."

PHP "open_basedir" Security Bypass Vulnerability

07/20/12
CVE 2012-3365
PHP versions prior to 5.3.15 are prone to a security bypass vulnerability due to an error within the SQLite extension. Successful exploit could allow attackers to bypass "open_basedir" feature.

NULL pointer dereference vulnerability

05/29/12
CVE 2010-3709
PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 are prone to a denial of service vulnerability because they fail to sufficiently sanitize user-supplied input. Attackers can exploit this issue to cause a NULL pointer dereference in ZipArchive::getArchiveComment() which could lead to a DoS (Denial of Service).

"PHP-CGI" query string parameter vulnerability

05/07/12
CVE 2012-1823
CVE 2012-2311
PHP 5.3.12 and prior and versions 5.4.2 and prior are prone to an information-disclosure vulnerability due to an error when parsing query string parameters from php files. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Zend Engine Use-after-free Heap Corruption Vulnerability

02/01/11
CVE 2010-4697
PHP before 5.2.15 and 5.3.4 is prone to a remote heap-corruption vulnerability.
Successful attacks will cause applications written in PHP to hang, creating a denial-of-service condition.

zend_strtod() Function Floating-Point Value Denial of Service Vulnerability

01/14/11

CVE 2010-4645
PHP before 5.2.17 and 5.3.5 is prone to a remote denial-of-service vulnerability.
Successful attacks will cause applications written in PHP to hang, creating a denial-of-service condition.

'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability

12/08/10
CVE 2010-4150
PHP 5.2.x through 5.2.14 and 5.3.4 and prior are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

open_basedir Security-Bypass Vulnerability

11/23/10
CVE 2010-3436
PHP 5.2.x through 5.2.14 and 5.3.3 and prior are prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions.

xml_utf8_decode() UTF-8 Input Validation Vulnerability

11/12/10
CVE 2010-3870
PHP before 5.3.4 is prone to a vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow attackers to provide unexpected input and possibly bypass input-validation protection mechanisms. This can aid in further attacks that may utilize crafted user-supplied input.

Vulnerabilities fixed in 5.2.14

02/18/11

CVE 2010-2484

CVE 2010-2531
PHP 5.2.14 fixed several vulnerabilities:

An interruption vulnerability in strrchr(),
through which an attacker could
bypass safe_mode and open_basedir security settings,
reveal contents of memory, corrupt memory,
or possibly inject and execute arbitrary code.

A data disclosure vulnerability in which var_export(),
on encountering a PHP error, still sends (partial) output text
to the visible Web page even when configured not to
(display_errors() off).
This vulnerability also affects PHP 5.3 before 5.3.3.

strrchr() Function Information Disclosure Vulnerability

07/22/10

PHP 5.3.2 and prior are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

SplObjectStorage Unserializer Arbitrary Code Execution

07/14/10
CVE 2010-2225
PHP is prone to a vulnerability that an attacker could exploit to execute arbitrary
code with the privileges of the user running the affected application. Successful
exploits will compromise the application and possibly the computer.

Denial of Service in popen() API Function

07/09/10
CVE 2009-3294
PHP version 5.3.1 and prior, and 5.2.11 and prior are vulnerable to a denial of service attack due to a bug in the popen function.

Multiple Directory Traversal Vulnerabilities

07/09/10
CVE 2008-2829
PHP versions 5.2.6 and prior are vulnerable to a denial of service attack via legacy RFC822 API calls.

Multiple Directory Traversal Vulnerabilities

07/09/10
CVE 2008-2665
CVE 2008-2666
PHP versions 5.2.6 and prior are vulnerable to multiple directory traversal vulnerabilities.

Multiple Vulnerabilities in PHP 5.2.13 and 5.3.2

01/26/11
CVE 2010-2097
CVE 2010-2100
CVE 2010-2101
CVE 2010-2190
CVE 2010-2191
CVE 2010-3065
PHP 5.2.13 and 5.3.2 are affected by multiple vulnerabilities,
including vulnerabilities in many string functions. Attackers can read
or write to locations in memory.

Multiple Vulnerabilities in PHP 5.2.13 and 5.3.2

01/24/11
CVE 2010-1860
CVE 2010-1861
CVE 2010-1862
CVE 2010-1864
CVE 2010-1866
PHP 5.2.13 and 5.3.2 are affected by multiple vulnerabilities, including a vulnerability in html_entity_decode, the sysvshm extension, chunk_split, addcslashes, and the dechunk filter.

sqlite_single_query() and sqlite_array_query() Arbitrary Code Execution Vulnerabilities

06/01/10
CVE 2010-1868
PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are prone to multiple vulnerabilities that may allow attackers to execute arbitrary code.
Attackers can exploit these issues to run arbitrary code within the context of the PHP process.
This may allow them to bypass intended security restrictions or gain elevated privileges.

php_dechunk() HTTP Chunked Encoding Integer Overflow Vulnerability

05/25/10

PHP 5.3.0 through 5.3.2 are prone to a remote integer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the PHP process.

xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities

04/09/10
CVE 2010-0397
PHP before 5.3.1 is prone to multiple denial-of-service vulnerabilities
because it fails to properly handle crafted XML-RPC requests.
Exploiting these issues allows remote attackers
to cause denial-of-service conditions in the context of an application using the vulnerable library.

Vulnerabilities fixed in 5.2.13

03/30/10
CVE 2010-1128
CVE 2010-1129
CVE 2010-1130
PHP 5.2.13 fixed multiple security vulnerabilities:

an error in the session extension which can be exploited to bypass the "safe_mode" and "open_basedir" feature,

a validation error within the "tempnam()" function, which can be exploited to bypass the "safe_mode" feature, and

a weakness which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable.

session_save_path() safe_mode Restriction-Bypass Vulnerability

03/19/10

PHP before 5.2.13 is prone to a 'safe_mode' restriction-bypass vulnerability.
Successful exploits could allow an attacker to write session files in arbitrary directories.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code;
the 'safe_mode' restrictions are assumed to isolate users from each other.

htmlspecialcharacters() Malformed Multibyte Character Cross Site Scripting Vulnerability

01/13/10
CVE 2009-4142
PHP before 5.2.12 is prone to a cross-site scripting vulnerability
because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.

session.save_path() Arbitrary Code Execution

01/12/10
CVE 2009-4143
PHP before 5.2.12 is prone to an issue that an attacker could exploit to execute
arbitrary code. This may allow them to bypass intended security restrictions or gain elevated privileges.

proc_open() safe_mode_protected_env_var Restriction-Bypass Vulnerability

12/22/09
CVE 2009-4018
PHP before 5.3.1 is prone to a safe_mode restriction-bypass vulnerability.
Successfully exploiting this issue may allow attackers to alter the process environment,
which may lead to other attacks.

File Upload Denial-of-Service vulnerability in versions of PHP prior to 5.3.1

11/24/09
CVE 2009-4017
PHP versions 5.3.1 and prior, and versions 5.2.11 and prior, are prone
to a remote Denial-of-Service (DoS) attack caused by a vulnerability
in PHP's handling of Form-based File Upload (RFC 1867).

Any website that runs PHP and where file uploading is enabled (which
is the default configuration) is vulnerable. A file upload script does
not need to be present to exploit this vulnerability.

Multiple Restriction Bypass vulnerabilities in PHP

02/14/11
CVE 2009-3557
CVE 2009-3558

All versions of PHP before 5.2.12,
and 5.3 versions before 5.3.1,
have these vulnerabilities:

open_basedir Restriction Bypass vulnerability
in posix_mkfifo()

safe_mode Restriction Bypass vulnerability
in tempname()

Vulnerabilities fixed in 5.2.11

10/23/09
CVE 2009-3291
CVE 2009-3292
CVE 2009-3293
PHP 5.2.11 fixed multiple security vulnerabilities:

an unspecified vulnerability related to certificate validation inside php_openssl_apply_verification_policy,

an unspecified vulnerability related to missing sanity checks around exif processing, and

an unspecified vulnerability in the imagecolortransparent function.

Multiple Vulnerabilities in PHP 5.3.0

08/26/09
CVE 2009-2626
PHP 5.3.0 and prior are prone to two vulnerabilities:

mail.log Configuration Option open_basedir Restriction Bypass, and

ini_restore() Memory Information Disclosure.

Interruptions and Call-time Arbitrary Code Execution Vulnerability

08/21/09

PHP 5.2.10 and prior are prone to a vulnerability
that an attacker could exploit to execute arbitrary code with the privileges of the user running the affected application.
Successful exploits will compromise the application and possibly the computer.

Multiple Functions safe_mode Restriction Bypass Vulnerability

07/21/09

PHP 5.2.10 and prior are prone to a safe_mode restriction-bypass vulnerability.
Successful exploits could allow an attacker to execute arbitrary code.
This vulnerability would be an issue in hosting environments where users can create and execute arbitrary PHP script code;
in such cases, the safe_mode restriction is expected to enforce certain restrictions on executing system commands.
This issue can also help in attacks exploiting other vulnerabilities, resulting in remote PHP code execution.

exif_read_data() JPEG Image Processing Denial Of Service Vulnerability

07/21/09
CVE 2009-2687
PHP before 5.2.10 is prone to a denial-of-service vulnerability in its exif_read_data() function.
Successful exploits may allow remote attackers to cause denial-of-service conditions
in applications that use the vulnerable function.

mb_ereg_replace() String Evaluation Vulnerability

06/01/09

The 'mb_ereg_replace()' function of PHP is prone to a vulnerability that can result
in the improper evaluation of user-supplied input.
Exploiting this issue may allow attackers to execute arbitrary PHP commands in the context of the affected application.

Vulnerabilities fixed in 5.2.9

03/16/09
CVE 2009-1271
CVE 2009-1272
PHP 5.2.9 fixed multiple security vulnerabilities.
Successful exploits could allow an attacker to cause a denial-of-service condition.
An unspecified issue with an unknown impact was also reported.

PHP popen() Function Buffer Overflow Vulnerability

01/27/09

PHP 5.2.8 and prior are prone to a buffer-overflow vulnerability
because they fail to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected web server.

PHP mbstring Buffer Overflow Vulnerability

01/05/09
CVE 2008-5557
PHP versions 4.3.0 up to 5.2.6 are vulnerable to a remote buffer overflow caused by
insufficient size checking when copying user supplied data in
ext/mbstring/libmbfl/filters/mbfilter_htmlent.c, part of mbstring extensions.
A successful exploit could execute arbitrary code on the vulnerable web server.
The mbstring extensions are part of the standard PHP distribution and are used
for languages that do not have a one to one 8 bit character mapping.

imageRotate() Uninitialized Memory Information Disclosure Vulnerability

01/05/09
CVE 2008-5498
PHP 5.2.8 and prior versions are prone to an information-disclosure vulnerability.
The array index error in the imageRotate function allows context-dependent attackers to read the contents of arbitrary memory locations
via a crafted value of the third argument for an indexed image.

error_log safe_mode Restriction-Bypass Vulnerability

12/11/08
CVE 2008-5625
PHP before 5.2.8 is prone to a safe_mode restriction-bypass vulnerability.
Successful exploits could allow an attacker to write files in unauthorized locations.
This vulnerability would be an issue in shared-hosting configurations
where multiple users can create and execute arbitrary PHP script code,
with the safe_mode restrictions assumed to isolate the users from each other.

Vulnerabilities fixed in 4.4.9

08/22/08
CVE 2008-3658
CVE 2008-3659
CVE 2008-3660
Vulnerabilities that were fixed in 4.4.9 include
a denial of service via a request with multiple dots preceding the extension,
a code execution vulnerability via the delimiter argument,
and a code execution vulnerability via a crafted font file.

Multiple Month of PHP Bugs vulnerabilities

04/02/07
CVE 2006-1549
CVE 2007-0908
CVE 2007-0988
CVE 2007-1285
CVE 2007-1286
CVE 2007-1287
CVE 2007-1325
CVE 2007-1375
CVE 2007-1376
CVE 2007-1378
CVE 2007-1379
CVE 2007-1380
CVE 2007-1383
CVE 2007-1399
CVE 2007-1452
CVE 2007-1453
CVE 2007-1454
CVE 2007-1460
CVE 2007-1461
CVE 2007-1484
CVE 2007-1521
CVE 2007-1522
CVE 2007-1581
CVE 2007-1582
CVE 2007-1583
CVE 2007-1584
CVE 2007-1649
CVE 2007-1700
CVE 2007-1711
CVE 2007-1717
CVE 2007-1718
CVE 2007-1777
CVE 2007-1824
CVE 2007-1883
CVE 2007-1884
CVE 2007-1885
CVE 2007-1886
CVE 2007-1887
CVE 2007-1888
CVE 2007-1889
CVE 2007-1890
CVE 2007-1900
CVE 2007-2509
CVE 2007-2510
CVE 2007-2511
CVE 2007-2727
CVE 2007-2748
PHP versions up to and including 4.4.6 and 5.2.1 have had multiple vulnerabilities discovered
as part of the Month of PHP Bugs project. They
include local and remote execution of arbitrary code, denial of service,
security bypass, cross-site scripting, e-mail header spoofing,
and information gathering vulnerabilities.

NOTE: CVE 2007-1581 was later reported that PHP 5.2.x through 5.2.13 and 5.3.x through 5.3.2 are also affected.

Information From Target:
Service: http
Sent: GET /javascript/ HTTP/1.0
Host:
User-Agent: Mozilla/4.0

Received: X-Powered-By: PHP/5.2.6

Here's my version of php:

rpm -qa php
php-5.2.6-1.el5.art

From my understanding, it's backported, so although it's not the latest version, it still has security patches applied.

I believe I have the latest version installed that CentOS allows (in fact I just did an update a couple of weeks ago). Here's the current output:

yum update php
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirror.es.its.nyu.edu
* base: mirror.atlanticmetro.net
* extras: mirrors.advancedhosters.com
* updates: mirror.linux.duke.edu
addons | 1.9 kB 00:00
base | 1.1 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Update Process
No Packages marked for Update

They asked for the changelog, so I ran:

rpm -q --changelog php

but it lists no CVEs. How can I determine if PHP actually contains these vulnerabilities? I'm at the end of my rope with this... It's frustrating because they're not actually testing vulnerabilities; they're just picking up a version number from the headers... :/
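One way to turn the scanner's list and the package changelog into something the assessor can act on, as an added example that is not part of the original post: extract every CVE ID from the report, extract every CVE ID the RPM changelog mentions, and print the difference. The report excerpt reuses IDs from the scan above, but the changelog entries, packager name, dates and release numbers are constructed for the demo and are not the real output of rpm -q --changelog php on the asker's host; the function that pulls the version out of the X-Powered-By header shows what the scanner is actually keying on.

```shell
#!/bin/bash
# Added example, not from the original post: cross-check the CVE IDs named in
# a scanner report against the CVE IDs mentioned in the installed package's
# RPM changelog. On a real host the changelog comes from:
#     rpm -q --changelog php > changelog.txt
# The report excerpt and changelog below are constructed samples for the demo;
# the changelog entries, packager name, dates and releases are made up.

# Normalise every CVE reference on stdin to CVE-YYYY-NNNN, one per line,
# sorted and de-duplicated. Scanners often write "CVE 2013-2110" while
# changelogs write "CVE-2013-2110"; both forms are accepted. An ID split
# across two lines is not matched.
cve_ids() {
    grep -oiE 'CVE[- ]?[0-9]{4}[- ][0-9]{4,}' \
        | sed -E 's/^[Cc][Vv][Ee][- ]?([0-9]{4})[- ]/CVE-\1-/' \
        | sort -u
}

# Print the CVE IDs present in the report file ($1) but absent from the
# changelog file ($2): the findings the changelog does not answer.
unaddressed_cves() {
    local want have
    want=$(mktemp); have=$(mktemp)
    cve_ids < "$1" > "$want"
    cve_ids < "$2" > "$have"
    comm -23 "$want" "$have"
    rm -f "$want" "$have"
}

# Extract the PHP version a scanner fingerprints from a raw HTTP response on
# stdin (the X-Powered-By header). Prints nothing when the header is absent,
# which is what you get after setting expose_php = Off in php.ini.
banner_version() {
    tr -d '\r' \
        | grep -i '^x-powered-by: *php/' \
        | head -n 1 \
        | sed -E 's#^[^:]*: *[Pp][Hh][Pp]/([0-9][0-9.]*).*#\1#'
}

# --- constructed sample data -------------------------------------------------
REPORT=$(mktemp); CHANGELOG=$(mktemp)
trap 'rm -f "$REPORT" "$CHANGELOG"' EXIT

# IDs taken from the scan report; the surrounding lines are abbreviated.
cat > "$REPORT" <<'EOF'
Details: "php_quot_print_encode()" Buffer Overflow Vulnerability
CVE 2013-2110
PHP "open_basedir" Security Bypass Vulnerability
CVE 2012-3365
"PHP-CGI" query string parameter vulnerability
CVE 2012-1823
CVE 2012-2311
EOF

# Made-up changelog in the layout rpm -q --changelog uses.
cat > "$CHANGELOG" <<'EOF'
* Tue Jun 04 2013 Example Packager <packager@example.com> - 5.2.6-2
- fix heap overflow in php_quot_print_encode (CVE-2013-2110)

* Mon May 07 2012 Example Packager <packager@example.com> - 5.2.6-1
- php-cgi: stop treating the query string as command-line options
  (CVE-2012-1823, CVE-2012-2311)
EOF

echo "CVEs in report not mentioned in changelog:"
unaddressed_cves "$REPORT" "$CHANGELOG"
```

The IDs that come out are the ones to take up with whoever built the package, or to check against the source patches in the SRPM; a missing changelog mention is not proof the bug is present, and several findings in the report do not apply to a 5.2.x build at all (the php_dechunk() overflow, for instance, is listed only for 5.3.0 through 5.3.2), so read each remaining ID against the affected-version range the report gives. Whatever the outcome, the banner the scanner matched on stays "PHP/5.2.6" on a backported build, so the version string alone cannot settle the question either way.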
