CVE-2015-9253

19.02.2018, 19:29

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Affected Products (NVD)

Vendor	Product	Version
php	php	𝑥 < 7.1.20
php	php	7.2.0 ≤ 𝑥 < 7.2.8
php	php	7.3.0:alpha1
php	php	7.3.0:alpha2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

artful	dne
bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
trusty	Fixed 5.5.9+dfsg-1ubuntu4.29+esm10 released
xenial	dne

php7.0

artful	dne
bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
trusty	dne
xenial	Fixed 7.0.33-0ubuntu0.16.04.16+esm3 released

php7.2

artful	dne
bionic	Fixed 7.2.10-0ubuntu0.18.04.1 released
cosmic	Fixed 7.2.10-0ubuntu1 released
disco	Fixed 7.2.10-0ubuntu1 released
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
trusty	dne
xenial	dne

php7.3

bionic	dne
eoan	not-affected
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

apache2-mod_php7

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-bcmath

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-bz2

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-calendar

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-ctype

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-curl

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-dba

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-devel

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-dom

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-enchant

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-exif

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-fastcgi

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-fileinfo

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-fpm

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-ftp

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-gd

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-gettext

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-gmp

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-iconv

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-intl

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-json

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-ldap

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-mbstring

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-mysql

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-odbc

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-opcache

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-openssl

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-pcntl

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-pdo

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-pear

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-pear-Archive_Tar

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-pgsql

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-phar

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-posix

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-readline

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-shmop

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-snmp

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-soap

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sockets

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sodium

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sqlite

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sysvmsg

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sysvsem

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-sysvshm

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-tidy

suse enterprise server 15 SP1

7.2.34-150000.4.103.1

fixed

php7-tokenizer

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-wddx

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-xmlreader

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-xmlrpc

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-xmlwriter

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-xsl

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-zip

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

php7-zlib

suse enterprise server 15	7.2.34-150000.4.103.1 fixed
suse enterprise server 15 SP1	7.2.34-150000.4.103.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://bugs.php.net/bug.php?id=70185

https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287

https://bugs.php.net/bug.php?id=75968

https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22

https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8

https://usn.ubuntu.com/3766-1/

https://usn.ubuntu.com/4279-1/

https://www.futureweb.at/security/CVE-2015-9253/