ID

VAR-201312-0207


CVE

CVE-2013-6420


TITLE

Arbitrary code execution vulnerability in the asn1_time_to_time_t function in ext/openssl/openssl.c in PHP

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585

DESCRIPTION

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. It is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability is caused by the openssl_x509_parse() function not correctly parsing the notBefore and notAfter timestamps in an X.509 certificate. The following versions are affected: PHP prior to 5.3.28, 5.4.x prior to 5.4.23, and 5.5.x prior to 5.5.7.

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: php53 and php security update
Advisory ID: RHSA-2013:1813-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1813.html
Issue date: 2013-12-11
CVE Names: CVE-2013-6420
=====================================================================

1. Summary:

Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

6. Package List:

Source: php53-5.3.3-22.el5_10.src.rpm (Red Hat Enterprise Linux 5 client and server channels); php-5.3.3-27.el6_5.src.rpm (Red Hat Enterprise Linux 6 Desktop Optional, HPC Node, HPC Node Optional, Server, Server Optional, Workstation and Workstation Optional channels).

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Release Date: 2014-09-30
Last Updated: 2014-09-30
Potential Security Impact: Cross-site scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking
Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking.

References:

CVE-2013-4545 Unauthorized modification
CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information
CVE-2013-6422 Unauthorized disclosure of information
CVE-2013-6712 (SSRT101447) Denial of Service (DoS)
CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)
CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)
CVE-2014-2642 (SSRT101701) Clickjacking

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) for Linux and Windows prior to version 7.4

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2013-4545   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2013-6420   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
CVE-2013-6422   (AV:N/AC:H/Au:N/C:P/I:P/A:N)    4.0
CVE-2013-6712   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2014-2640   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2014-2641   (AV:N/AC:M/Au:S/C:P/I:P/A:P)    6.0
CVE-2014-2642   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH) for Linux and Windows: http://h18013.www1.hp.com/products/servers/management/agents/

HISTORY

Version:1 (rev.1) - 30 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php-5.4.24-i486-1_slack14.1.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Trust: 2.16

sources: NVD: CVE-2013-6420 // JVNDB: JVNDB-2013-005585 // VULHUB: VHN-66422 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124391

AFFECTED PRODUCTS

vendor          model            scope  version  Trust
php             php              eq     5.5.4    1.6
php             php              eq     5.5.6    1.6
php             php              eq     5.5.2    1.6
php             php              eq     5.5.1    1.6
php             php              eq     5.5.5    1.6
php             php              eq     5.5.3    1.6
php             php              eq     5.5.0    1.6
apple           mac os x         lte    10.9.1   1.0
php             php              eq     5.4.6    1.0
php             php              eq     5.3.17   1.0
php             php              eq     5.4.14   1.0
php             php              eq     5.4.13   1.0
php             php              eq     5.3.12   1.0
php             php              eq     5.3.22   1.0
php             php              eq     5.4.1    1.0
php             php              eq     5.4.19   1.0
php             php              eq     5.3.23   1.0
php             php              eq     5.3.20   1.0
php             php              eq     5.4.17   1.0
php             php              eq     5.4.4    1.0
php             php              eq     5.3.3    1.0
php             php              eq     5.4.16   1.0
php             php              eq     5.3.8    1.0
php             php              eq     5.3.9    1.0
php             php              eq     5.4.12   1.0
opensuse        opensuse         eq     13.1     1.0
php             php              eq     5.4.7    1.0
php             php              eq     5.3.24   1.0
php             php              eq     5.3.26   1.0
php             php              eq     5.3.14   1.0
php             php              eq     5.4.5    1.0
php             php              eq     5.3.6    1.0
php             php              eq     5.3.13   1.0
php             php              eq     5.3.16   1.0
php             php              eq     5.4.9    1.0
php             php              eq     5.4.22   1.0
php             php              eq     5.4.15   1.0
php             php              eq     5.3.19   1.0
php             php              eq     5.4.11   1.0
php             php              eq     5.4.3    1.0
php             php              eq     5.4.2    1.0
php             php              eq     5.3.1    1.0
php             php              eq     5.3.4    1.0
php             php              eq     5.3.25   1.0
php             php              eq     5.4.8    1.0
php             php              eq     5.3.11   1.0
php             php              eq     5.4.21   1.0
php             php              eq     5.3.2    1.0
php             php              eq     5.3.7    1.0
opensuse        opensuse         eq     12.3     1.0
php             php              eq     5.3.21   1.0
php             php              eq     5.3.5    1.0
php             php              lte    5.3.27   1.0
php             php              eq     5.3.15   1.0
opensuse        opensuse         eq     12.2     1.0
php             php              eq     5.4.0    1.0
php             php              eq     5.4.10   1.0
php             php              eq     5.3.10   1.0
php             php              eq     5.4.18   1.0
php             php              eq     5.3.0    1.0
php             php              eq     5.3.18   1.0
php             php              eq     5.4.20   1.0
opensuse        opensuse         eq     11.4     1.0
the php group   php              eq     5.4.23   0.8
apple           mac os x         eq     v10.8.5  0.8
the php group   php              lt     5.5.x    0.8
apple           mac os x         eq     v10.9.1  0.8
apple           mac os x server  eq     v10.7.5  0.8
apple           mac os x         eq     v10.9    0.8
the php group   php              eq     5.5.7    0.8
the php group   php              lt     5.4.x    0.8
apple           mac os x         eq     v10.7.5  0.8

sources: CNNVD: CNNVD-201312-348 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6420
value: HIGH

Trust: 1.0

NVD: CVE-2013-6420
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-348
value: HIGH

Trust: 0.6

VULHUB: VHN-66422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6420
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66422
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66422 // CNNVD: CNNVD-201312-348 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124391 // CNNVD: CNNVD-201312-348

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201312-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005585

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66422

PATCH

title: APPLE-SA-2014-02-25-1
url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title: HT6150
url: http://support.apple.com/kb/HT6150

Trust: 0.8

title: HT6150
url: http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title: InterWorx Version 5.0.14 Released on Beta Channel!
url: http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!

Trust: 0.8

title: Bug 1036830
url: https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 0.8

title: Multiple Buffer Errors vulnerabilities in PHP
url: https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1

Trust: 0.8

title: Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
url: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.8

title: PHP 5 ChangeLog
url: http://www.php.net/ChangeLog-5.php

Trust: 0.8

title: php-5.5.7
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47192

Trust: 0.6

title: php-5.4.23
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47191

Trust: 0.6

title: php-5.3.28
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47190

Trust: 0.6

sources: CNNVD: CNNVD-201312-348 // JVNDB: JVNDB-2013-005585

EXTERNAL IDS

db           id                 Trust
NVD          CVE-2013-6420      3.0
SECTRACK     1029472            1.1
SECUNIA      59652              1.1
BID          64225              1.1
JVN          JVNVU95868425      0.8
JVNDB        JVNDB-2013-005585  0.8
CNNVD        CNNVD-201312-348   0.7
SECUNIA      56071              0.6
SECUNIA      56055              0.6
SECUNIA      56070              0.6
PACKETSTORM  124391             0.2
PACKETSTORM  124776             0.2
PACKETSTORM  124383             0.2
PACKETSTORM  124384             0.2
PACKETSTORM  124532             0.1
PACKETSTORM  124389             0.1
PACKETSTORM  124390             0.1
PACKETSTORM  124407             0.1
PACKETSTORM  124436             0.1
PACKETSTORM  124406             0.1
SEEBUG       SSVID-83792        0.1
EXPLOIT-DB   30395              0.1
VULHUB       VHN-66422          0.1
PACKETSTORM  128505             0.1

sources: VULHUB: VHN-66422 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124391 // CNNVD: CNNVD-201312-348 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

REFERENCES

url:https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html

Trust: 2.5

url:http://www.php.net/changelog-5.php

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2013-1813.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1815.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1826.html

Trust: 1.2

url:http://www.securityfocus.com/bid/64225

Trust: 1.1

url:http://forums.interworx.com/threads/8000-interworx-version-5-0-14-released-on-beta-channel%21

Trust: 1.1

url:http://support.apple.com/kb/ht6150

Trust: 1.1

url:http://www.debian.org/security/2013/dsa-2816

Trust: 1.1

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1824.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1825.html

Trust: 1.1

url:http://www.securitytracker.com/id/1029472

Trust: 1.1

url:http://secunia.com/advisories/59652

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2055-1

Trust: 1.1

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=c1224573c773b6845e83505f717fbf820fc18415

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6420

Trust: 0.8

url:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.7

url:http://secunia.com/advisories/56055

Trust: 0.6

url:http://secunia.com/advisories/56070

Trust: 0.6

url:http://secunia.com/advisories/56071

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-6420

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/team/key/#package

Trust: 0.3

url:https://access.redhat.com/site/articles/11258

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2013-6420.html

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4545

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/agents/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2642

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

sources: VULHUB: VHN-66422 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124391 // CNNVD: CNNVD-201312-348 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124391

SOURCES

db           id
VULHUB       VHN-66422
PACKETSTORM  124383
PACKETSTORM  124384
PACKETSTORM  128505
PACKETSTORM  124776
PACKETSTORM  124391
CNNVD        CNNVD-201312-348
JVNDB        JVNDB-2013-005585
NVD          CVE-2013-6420

LAST UPDATE DATE

2025-11-21T21:21:55.871000+00:00


SOURCES UPDATE DATE

db      id                 date
VULHUB  VHN-66422          2018-10-30T00:00:00
CNNVD   CNNVD-201312-348   2013-12-18T00:00:00
JVNDB   JVNDB-2013-005585  2015-08-10T00:00:00
NVD     CVE-2013-6420      2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db           id                 date
VULHUB       VHN-66422          2013-12-17T00:00:00
PACKETSTORM  124383             2013-12-11T06:56:18
PACKETSTORM  124384             2013-12-11T06:56:45
PACKETSTORM  128505             2014-10-01T19:15:04
PACKETSTORM  124776             2014-01-14T14:44:00
PACKETSTORM  124391             2013-12-12T04:29:50
CNNVD        CNNVD-201312-348   2013-12-18T00:00:00
JVNDB        JVNDB-2013-005585  2013-12-18T00:00:00
NVD          CVE-2013-6420      2013-12-17T04:46:45.877