CVE-2015-4026

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
phpphp
𝑥
≤ 5.4.40
phpphp
5.4.39
phpphp
5.5.0
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
phpphp
5.5.14
phpphp
5.5.18
phpphp
5.5.19
phpphp
5.5.20
phpphp
5.5.21
phpphp
5.5.22
phpphp
5.5.23
phpphp
5.5.24
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
applemac_os_x
𝑥
≤ 10.10.4
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_hpc_node_eus
7.1
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
vivid
Fixed 5.6.4+dfsg-4ubuntu6.2
released
utopic
Fixed 5.5.12+dfsg-2ubuntu4.6
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.11
released
precise
Fixed 5.3.10-1ubuntu3.19
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.debian.org/security/2015/dsa-3280
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75056
http://www.securitytracker.com/id/1032431
https://bugs.php.net/bug.php?id=68598
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/kb/HT205031
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.debian.org/security/2015/dsa-3280
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75056
http://www.securitytracker.com/id/1032431
https://bugs.php.net/bug.php?id=68598
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/kb/HT205031