Security Bulletin: Network Intrusion Prevention System is affected by curl and php5 vulnerabilities (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)

Vulnerability Details

CVE-ID: CVE-2013-2174

DESCRIPTION: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Affected Versions: cURL and libcurl 7.7 through 7.30.0

CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85180 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)



CVE-ID: CVE-2014-0015

DESCRIPTION: libcURL could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
Affected Versions: cURL and libcurl 7.10.6 through 7.34.0

CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90841 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)



CVE-ID: CVE-2014-0138

DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the re-use of previously used connections when processing new requests. An attacker could exploit this vulnerability to hijack the privileges of a different user's session and launch further attacks on the system.
Affected Versions: cURL and libcurl 7.10.6 before 7.36.0

CVSS:
CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)



CVE-ID: CVE-2014-0139

DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by an error in the hostmatch() function when validating certificates containing an IP address with a wildcard match within the Common Name field. By sending a specially-crafted SSL certificate containing wildcard characters, a remote attacker could exploit this vulnerability to spoof the server and launch further attacks on the system.
Affected Versions: cURL and libcurl 7.1 before 7.36.0

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



CVE-ID: CVE-2013-4248

DESCRIPTION: PHP could allow a remote attacker to conduct spoofing attacks, caused by an error when handling certificates that contain hostnames with NULL bytes. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to spoof SSL servers.
Affected Versions: OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86429 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



CVE-ID: CVE-2013-6420

DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an error in the asn1_time_to_time_t() function when parsing X.509 certificates. An attacker could exploit this vulnerability using a specially-crafted X.509 certificate to corrupt memory and execute arbitrary code on the system.
Affected Versions: PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7

CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89602 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)



CVE-ID: CVE-2014-2497

DESCRIPTION: LibGD is vulnerable to a denial of service, caused by a NULL pointer dereference in the gdImageCreateFromXpm function. A remote attacker could exploit this vulnerability to cause the application to crash. Note: This vulnerability also affects PHP.
Affected Versions: PHP 5.4.26 and earlier

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91917 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)



CVE-ID: CVE-2014-4049

DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by when parsing DNS TXT record. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Affected Versions: PHP 5.6.0beta4 and earlier

CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93769 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)