Advisory No: TZCERT/SA/2018/12/05

Date of First Release: 6^th December, 2018

Source: PHP, CISCO

Software Affected: PHP versions 5.x through 7.1.24

Overview:
Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system.

Description:

It has been revealed that “ext/standard/var.c” and “ext/standard/var_unserializer.c” files in PHP software are susceptible to Denial of Service (DoS) condition due to a NULL pointer dereference.

A  remote unauthorized user can exploit this vulnerability when either unserialize call is made to “ext/standard/var_unserializer.c” file for the “com”, “dotnet” and its variant class or a specially crafted request sent malicious input to the affected PHP software.

Impact:

Successful exploitation of the vulnerabilities can allow an attacker to trigger pointer dereference condition that cause users of software crash resulted into a DoS condition on affected PHP software.

Solution:

Users and System administrators are advised to update the affected PHP to the latest version as well as the implement the following security measures;

1. Run firewall and antivirus applications to minimize the potential of inbound and outbound threats.
2. Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
3. Implement a strong firewall policy and monitor the affected systems.

References:

1. https://tools.cisco.com/security/center/viewAlert.x?alertId=59180
2. https://tools.cisco.com/security/center/viewAlert.x?alertId=59181
3. https://www.securityfocus.com/bid/105989

Cisco has released security update to address vulnerability in Cisco Prime License Manager. Exploitation of this vulnerability may allow an attacker to take control of affected database with privileges of the postgres user.

Users and Administrators are encouraged to review Cisco Security Advisory and apply necessary updates.

Samba has released security update to address multiple vulnerabilities in samba. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review released samba security announcement and apply necessary updates. For more information visit CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853 and CVE-2018-16857.

VMware has released security updates to address vulnerabilities in Fusion Pro and Workstation Pro. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and Administrators are encouraged to review VMware security advisory and apply necessary updates.

VMware has released security update to address vulnerability in VMware vRealize Log Insight (vRLI). Exploitation of this vulnerability may allow an attacker to take control of affected system.

Users and Administrators are encouraged to review VMware Security Advisory and apply necessary updates.