Wind River Support Network

HomeDefectsLIN7-4039

Fixed

LIN7-4039 : Security Advisory - php - CVE-2015-4026

Created: Jun 15, 2015 Updated: Sep 8, 2018

Resolved Date: Jul 2, 2015

Found In Version: 7.0.0.6

Fix Version: 7.0.0.7

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4026

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-4026