Published On: Dec 06, 2018 13:21
Advisory No: TZCERT/SA/2018/12/05
Source: PHP, CISCO
Software Affected: PHP versions 5.x through 7.1.24
Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system.
Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6th December, 2018 Source: PHP, CISCO Software Affected: PHP versions 5.x through 7.1.24 Overview: Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system. Description: It has been revealed that “ext/standard/var.c” and “ext/standard/var_unserializer.c” files in PHP software are susceptible to Denial of Service (DoS) condition due to a NULL pointer dereference. A remote unauthorized user can exploit this vulnerability when either unserialize call is made to “ext/standard/var_unserializer.c” file for the “com”, “dotnet” and its variant class or a specially crafted request sent malicious input to the affected PHP software. Impact: Successful exploitation of the vulnerabilities can allow an attacker to trigger pointer dereference condition that cause users of software crash resulted into a DoS condition on affected PHP software. Solution: Users and System administrators are advised to update the affected PHP to the latest version as well as the implement the following security measures;
Successful exploitation of the vulnerabilities can allow an attacker to trigger pointer dereference condition that cause users of software crash resulted into a DoS condition on affected PHP software.
Users and System administrators are advised to update the affected PHP to the latest version as well as the implement the following security measures; Run firewall and antivirus applications to minimize the potential of inbound and outbound threats. Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems. Implement a strong firewall policy and monitor the affected systems.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.