Security Bulletin
Summary
Multiple vulnerabilities have been identified in php that is embedded in the IBM FSM. This fix addresses these vulnerabilities.
Vulnerability Details
CVEID: CVE-2016-7124
DESCRIPTION: PHP is vulnerable to a denial of service, caused by the improper handling of invalid objects by ext/standard/var_unserializer.c. An attacker could exploit this vulnerability using specially crafted serialized data to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116959 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7125
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by the skipping of invalid session names that triggers incorrect parsing by ext/session/session.c. An attacker could exploit this vulnerability using control of a session name to inject and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116958 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-7126
DESCRIPTION: PHP is vulnerable to a denial of service, caused by the failure to properly validate the number of colors by the imagetruecolortopalette function. An attacker could exploit this vulnerability using a large value in the third argument to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7127
DESCRIPTION: PHP is vulnerable to a denial of service, caused by the failure to properly validate gamma values by the imagegammacorrect functions. By providing different signs for the second and third arguments, an attacker could exploit this vulnerability to cause an out-of-bounds write.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116956 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7128
DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by the improper handling of the case of a thumbnail offset that exceeds the file size by the exif_process_IFD_in_TIFF function. An attacker could exploit this vulnerability using a specially crafted TIFF image to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116955 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-7129
DESCRIPTION: PHP is vulnerable to a denial of service, caused by an error in the php_wddx_process_data function. An attacker could exploit this vulnerability using an invalid ISO 8601 time value to cause a segmentation fault.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116954 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7130
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in the php_wddx_pop_element function. An attacker could exploit this vulnerability using an invalid base64 binary value to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116960 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7131
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116953 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7132
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116952 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-7411
DESCRIPTION: PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error during deserialized object destruction. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-7413
DESCRIPTION: PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a use-after-free in wddx_deserialize(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-7417
DESCRIPTION: PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error when unserializing SplArray. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116945 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-7418
DESCRIPTION: PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read in php_wddx_push_element(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
Remediation/Fixes
IBM recommends updating the FSM using the instructions referenced in this table.
|
|
|
|
Flex System Manager |
| IT17653 | Install fsmfix1.3.4.0_IT17534_IT17536_IT17537_IT17653 |
Flex System Manager |
| IT17653 | Install fsmfix1.3.3.0_IT17534_IT17536_IT17537_IT17653 |
Flex System Manager |
| IT17653 | Install fsmfix1.3.2.0_IT17534_IT17536_IT17537_IT17653 |
For a complete list of FSM security bulletins refer to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E
For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
14 November 2016 : Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Advisory 6950, PRID 85873
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1024488