Bugzilla – Bug 977000
VUL-0: CVE-2016-4071: php5,php53: php_snmp_error() Format String Vulnerability
Last modified: 2016-08-01 09:27:25 UTC
php_snmp_error() Format String Vulnerability

https://bugs.php.net/bug.php?id=71704
https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8

It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Use CVE-2016-4071.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4071
http://seclists.org/oss-sec/2016/q2/138
http://bugs.gw.com/view.php?id=522#c1237
bugbot adjusting priority
Tested on 13.2 and 12. 11sp3's and 11's php does not have php_snmp_error() function nor calls zend_throw_exception_ex.

Installed packages: php5, php5-snmp

$ cat test.php
<?php
$session = new SNMP(SNMP::VERSION_3, "127.0.0.1", "public");
$session->exceptions_enabled = SNMP::ERRNO_ANY; // important!
try {
    $session->get("%x%x%x%x%x%x%x%x");
} catch (SNMPException $e) {
    echo $e->getMessage();
}
?>
$

BEFORE

$ valgrind php test.php
... many valgrind errors ...
$

AFTER

$ valgrind php test.php
... no valgrind error ...
$
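The class of bug this report describes, as an added C example that is not taken from the bug comments or from the PHP source: an already-built message is passed as the format argument of a printf-style helper, shown beside the form that passes it as data. The names throw_ex, report_unsafe, report_safe, message_survives and last_error are hypothetical, and the probe message is constructed; it uses "%%", which is well-defined as a format, so the check can run as a regression test.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style exception helper:
 * formats its arguments into last_error. */
static char last_error[256];

static void throw_ex(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
}

/* Pattern at issue: the message itself is the format string, so any
 * '%' it contains is interpreted instead of being reported as text. */
static const char *report_unsafe(const char *msg)
{
    throw_ex(msg);
    return last_error;
}

/* Hardened form: constant format, message passed as an argument. */
static const char *report_safe(const char *msg)
{
    throw_ex("%s", msg);
    return last_error;
}

/* Regression check: returns 1 when the reported text equals the input
 * byte for byte, 0 when the helper reinterpreted it. */
static int message_survives(const char *(*report)(const char *),
                            const char *msg)
{
    return strcmp(report(msg), msg) == 0;
}

int main(void)
{
    const char *probe = "Invalid object identifier: 100%%"; /* constructed */
    printf("unsafe keeps message: %d\n", message_survives(report_unsafe, probe));
    printf("safe keeps message:   %d\n", message_survives(report_safe, probe));
    return 0;
}
```

Declaring such a helper with GCC's or Clang's `__attribute__((format(printf, 1, 2)))` lets `-Wformat-security` flag the non-literal call at build time.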
Packages submitted.
This is an autogenerated message for OBS integration: This bug (977000) was mentioned in https://build.opensuse.org/request/show/391944 13.2 / php5
This is an autogenerated message for OBS integration: This bug (977000) was mentioned in https://build.opensuse.org/request/show/393784 13.2 / php5
This is an autogenerated message for OBS integration: This bug (977000) was mentioned in https://build.opensuse.org/request/show/394633 13.2 / php5
openSUSE-SU-2016:1274-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 976775,976996,976997,977000,977003,977005
CVE References: CVE-2015-8866,CVE-2015-8867,CVE-2016-3074,CVE-2016-4070,CVE-2016-4071,CVE-2016-4073
Sources used:
openSUSE 13.2 (src): php5-5.6.1-57.1
SUSE-SU-2016:1277-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 976996,976997,977000,977003,977005
CVE References: CVE-2015-8866,CVE-2015-8867,CVE-2016-4070,CVE-2016-4071,CVE-2016-4073
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php5-5.5.14-56.1
SUSE Linux Enterprise Software Development Kit 12 (src): php5-5.5.14-56.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-56.1
openSUSE-SU-2016:1373-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 976996,976997,977000,977003,977005
CVE References: CVE-2015-8866,CVE-2015-8867,CVE-2016-4070,CVE-2016-4071,CVE-2016-4073
Sources used:
openSUSE Leap 42.1 (src): php5-5.5.14-47.1
released