CheckPoint experts spotted Three Critical 0-Day in PHP 7

Researchers at the security firm CheckPoint have discovered three fresh critical zero day vulnerability in the last PHP 7.

Security researchers at the firm CheckPoint have discovered three fresh critical 0-day vulnerabilities in last PHP 7.

These vulnerabilities allow an attacker to take full control over 80 percent of websites which run on the latest release of the popular web programming language. The bad news is that one of the vulnerabilities remains unpatched again.

Security researchers at Check Point’s have analyzed in the last months PHP 7 and focused their efforts into “the unserialized mechanism” which is one of the most well-known vulnerable areas of PHP.

This is the same mechanism that was strongly exploited in PHP 5 and allowed attackers to compromise popular platforms, including Magento, vBulletin, Drupal, Joomla!, Pornhub’s website and other affected web servers in past, by sending maliciously crafted data in client cookies or to expose API calls.

The vulnerabilities are tracked as:

CVE-2016-7479 User After Free(UAF) Code Execution
CVE-2016-7480 Use of Uninitialized Value Code Execution
CVE-2016-7478 Remote Denial of Service

The exploitation of the first two vulnerabilities could allow an attacker to take complete control over affected servers, this means that it is possible to exploit them to spread malware as well as to steal data they store.

The last vulnerability triggers a remote Denial of Service attack/threat which basically hangs the website, exhausts its memory consumption, and a possible site down.

“The first vulnerability allows a remote attacker to unserialize a pathological exception object which refers to itself as the previous exception.” states the report. “When invoking the __toString method of this exception, the code iterates over the chain of exceptions. As the chain of exceptions consists of just that one object that points to itself, the iteration never terminates. “

For more technical details about the vulnerabilities give a look at the report.

“We have reported the three vulnerabilities to the PHP security team on the 15th of September and 6th of August. The PHP security team issued fixes for two of the vulnerabilities on the 13th of October and 1st of December.”

To ensure your webserver’s security, we recommend you should upgrade to latest version of PHP and stay tuned on PHP’s official site for news and updates.

Below the list of vulnerable PHP versions:

CVE-2016-7479 Version <= 7.0.13
CVE-2016-7480 Version < 7.0.12
CVE-2016-7478 Version <= 7.0.13 and 5.6.26

Written by: @GranetMan

Granet is a young and Junior IT Security Researcher, he is passionate in Linux, Arduino, Digital Forensics, Cyber Security, Free software and Malware Analysis

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – PHP 7, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.