Security vulnerabilities have been discovered in curl and php5 that are used in IBM Security Network Intrusion Prevention System.
CVE-ID: CVE-2013-2174
**DESCRIPTION:** cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Affected Versions: cURL and libcurl 7.7 through 7.30.0
CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85180 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-ID: CVE-2014-0015
**DESCRIPTION:** libcURL could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
Affected Versions: cURL and libcurl 7.10.6 through 7.34.0
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90841 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2014-0138
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the re-use of previously used connections when processing new requests. An attacker could exploit this vulnerability to hijack the privileges of a different user’s session and launch further attacks on the system.
Affected Versions: cURL and libcurl 7.10.6 before 7.36.0
CVSS:
CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-ID: CVE-2014-0139
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by an error in the hostmatch() function when validating certificates containing an IP address with a wildcard match within the Common Name field. By sending a specially-crafted SSL certificate containing wildcard characters, a remote attacker could exploit this vulnerability to spoof the server and launch further attacks on the system.
Affected Versions: cURL and libcurl 7.1 before 7.36.0
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2013-4248
**DESCRIPTION:** PHP could allow a remote attacker to conduct spoofing attacks, caused by an error when handling certificates that contain hostnames with NULL bytes. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to spoof SSL servers.
Affected Versions: OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86429 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
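The two certificate name-checking flaws above (CVE-2014-0139 and CVE-2013-4248) come down to checks a hostname matcher has to make before comparing strings. The following is an added illustration, not code from libcurl, PHP or IBM; `cert_name_matches`, its helpers and the sample names are hypothetical, and the certificate name is assumed to arrive as raw bytes with its ASN.1 length.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Pass a string literal as (bytes, length); the length keeps embedded NULs. */
#define LIT(s) (const unsigned char *)(s), sizeof(s) - 1

/* Conservative test: any ':' (IPv6) or digits-and-dots only (IPv4). */
static int looks_like_ip(const char *h) {
    if (strchr(h, ':')) return 1;
    return h[0] != '\0' && strspn(h, "0123456789.") == strlen(h);
}

/* ASCII case-insensitive comparison of n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* name/name_len: certificate name bytes with their ASN.1 length.
 * host: the name the client asked to connect to. Returns 1 on match. */
int cert_name_matches(const unsigned char *name, size_t name_len, const char *host) {
    size_t host_len = strlen(host);
    if (name_len == 0 || host_len == 0) return 0;
    /* Embedded NUL: C string code would see a shorter name. Reject. */
    if (memchr(name, '\0', name_len)) return 0;
    /* IP literal: exact text only, wildcards never apply. */
    if (looks_like_ip(host))
        return name_len == host_len && memcmp(name, host, host_len) == 0;
    if (name_len > 2 && name[0] == '*' && name[1] == '.') {
        const char *rest = strchr(host, '.');   /* host minus its first label */
        size_t suffix_len = name_len - 1;        /* e.g. ".example.com" */
        if (!rest || rest == host) return 0;
        /* Wildcard must leave at least two labels ("*.com" is refused). */
        if (!memchr(name + 2, '.', name_len - 2)) return 0;
        return strlen(rest) == suffix_len && eq_nocase(name + 1, rest, suffix_len);
    }
    if (memchr(name, '*', name_len)) return 0;  /* no other wildcard forms */
    return name_len == host_len && eq_nocase(name, host, host_len);
}

int main(void) {
    /* Constructed sample names, not taken from any real certificate. */
    printf("%d\n", cert_name_matches(LIT("*.example.com"), "www.example.com"));
    printf("%d\n", cert_name_matches(LIT("*.168.0.1"), "192.168.0.1"));
    printf("%d\n", cert_name_matches(LIT("www.example.com\0.invalid.test"), "www.example.com"));
    return 0;
}
```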
CVE-ID: CVE-2013-6420
**DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by an error in the asn1_time_to_time_t() function when parsing X.509 certificates. An attacker could exploit this vulnerability using a specially-crafted X.509 certificate to corrupt memory and execute arbitrary code on the system.
Affected Versions: PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89602 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVE-ID: CVE-2014-2497
**DESCRIPTION:** LibGD is vulnerable to a denial of service, caused by a NULL pointer dereference in the gdImageCreateFromXpm function. A remote attacker could exploit this vulnerability to cause the application to crash. Note: This vulnerability also affects PHP.
Affected Versions: PHP 5.4.26 and earlier
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/91917 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-4049
**DESCRIPTION:** PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing a DNS TXT record. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Affected Versions: PHP 5.6.0beta4 and earlier
CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93769 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**Products:** GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
The following IBM Threat Fixpacks have the fixes for these vulnerabilities:
IBM Security Network Intrusion Prevention System products at Firmware version 4.6.2:
4.6.2.0-ISS-ProvG-AllModels-System-FP0001
IBM Security Network Intrusion Prevention System products at Firmware version 4.6.1:
4.6.1.0-ISS-ProvG-AllModels-System-FP0005
IBM Security Network Intrusion Prevention System products at Firmware version 4.6:
4.6.0.0-ISS-ProvG-AllModels-System-FP0003
IBM Security Network Intrusion Prevention System products at Firmware version 4.5:
4.5.0.0-ISS-ProvG-AllModels-System-FP0005
IBM Security Network Intrusion Prevention System products at Firmware version 4.4:
4.4.0.0-ISS-ProvG-AllModels-System-FP0005
IBM Security Network Intrusion Prevention System products at Firmware version 4.3:
4.3.0.0-ISS-ProvG-AllModels-System-FP0003