Think you have a false positive on this rule?

Sid 1-35940

Message

SERVER-WEBAPP PHP pharparsetarfile method integer overflow attempt

Summary

The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

Impact

CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2015-4021:

CVSS base score 5.0

CVSS impact score 2.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2015-4021: The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

Affected systems

  • php php 5.4.39
  • php php 5.4.40
  • php php 5.5.0
  • php php 5.5.1
  • php php 5.5.2
  • php php 5.5.3
  • php php 5.5.4
  • php php 5.5.5
  • php php 5.5.6
  • php php 5.5.7
  • php php 5.5.8
  • php php 5.5.9
  • php php 5.5.10
  • php php 5.5.11
  • php php 5.5.12
  • php php 5.5.13
  • php php 5.5.14
  • php php 5.5.18
  • php php 5.5.19
  • php php 5.5.20
  • php php 5.5.21
  • php php 5.5.22
  • php php 5.5.23
  • php php 5.5.24
  • php php 5.6.0
  • php php 5.6.2
  • php php 5.6.3
  • php php 5.6.4
  • php php 5.6.5
  • php php 5.6.6
  • php php 5.6.7
  • php php 5.6.8
  • apple macosx 10.10.4
  • redhat enterprise_linux 6
  • redhat enterprise_linux 7.0
  • redhat enterpriselinuxdesktop 7.0
  • redhat enterpriselinuxhpc_node 7.0
  • redhat enterpriselinuxhpcnodeeus 7.1
  • redhat enterpriselinuxserver 7.0
  • redhat enterpriselinuxserver_eus 7.1
  • redhat enterpriselinuxworkstation 7.0

Ease of attack

CVE-2015-4021:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • php.net/ChangeLog-5.php|23|5.6.9