Reference:
Advisory #2024-232
Version:
1.0
Affected software:
PHP versions prior to 8.1.30
PHP versions prior to 8.2.24
PHP versions prior to 8.3.12
Type:
Log Tampering, File Inclusion, Parameter Injection, Erroneous Parsing of Multipart Form Data
CVE/CVSS:
CVE-2024-8925 CVSS: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVE-2024-8926 CVSS: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVE-2024-8927 CVSS: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVE-2024-9026 CVSS: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
PHP security advisories GitHub repository - https://github.com/php/php-src/security
The widely used open-source general-purpose language, PHP, is affected by four critical vulnerabilities with a high impact on Integrity and Availability.
These vulnerabilities can have serious consequences when exploited by attackers, including data breaches, system compromise, and disruption of services.
CVE-2024-8925: Erroneous Parsing of Multipart Form Data
This bug in the parsing of multipart form data can lead to legitimate data not being processed, thus violating data integrity. Under specific conditions, attackers can exploit this to exclude portions of legitimate data.
CVE-2024-8926: PHP CGI Parameter Injection Vulnerability
This vulnerability bypasses a previous fix (CVE-2024-4577, arbitrary PHP code execution) under specific, non-standard Windows codepage configurations.
CVE-2024-8927: Bypass of cgi.force_redirect Configuration
Attackers can exploit this bug to bypass restrictions imposed by the cgi.force_redirect configuration, potentially leading to arbitrary file inclusion in certain configurations. This can compromise sensitive data and allow unauthorized access.
CVE-2024-9026: Log Tampering in PHP-FPM
This vulnerability allows potential manipulation of logs in PHP-FPM, enabling attackers to either insert extraneous characters or remove up to 4 characters from log entries. This can make incident response and forensic investigations more difficult to conduct.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.
Downloads & Installation Instructions can be found here.
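To confirm that a host's PHP build meets the fixed releases listed above, the following Python check (added here; it is not part of the CCB advisory or of the PHP project) parses `php -v` output and compares the version branch by branch against 8.1.30, 8.2.24 and 8.3.12. The sample `php -v` string is constructed, not captured from a real host.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, as listed in the advisory's "Affected software" section.
FIXED_RELEASES = {
    (8, 1): (8, 1, 30),
    (8, 2): (8, 2, 24),
    (8, 3): (8, 3, 12),
}
OLDEST_FIXED = min(FIXED_RELEASES.values())  # (8, 1, 30)

# Matches "PHP 8.3.11 (cli) ..." from `php -v` as well as a bare "8.3.11";
# distribution suffixes such as "8.3.11-1ubuntu1" are ignored.
VERSION_RE = re.compile(r"(?:\bPHP\s+)?(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text: str) -> Optional[Version]:
    """Extract the upstream major.minor.patch version, or None if absent."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def assess_version(version: Version) -> str:
    """Classify a version against the advisory.

    "affected" - listed branch (8.1/8.2/8.3), below that branch's fixed release
    "patched"  - listed branch, at or above the fixed release
    "eol"      - below 8.1.30 on a branch with no fixed release listed (7.x, 8.0):
                 the only remedy is upgrading to a supported branch
    "unlisted" - newer than every listed branch (e.g. 8.4)
    """
    branch = version[:2]
    if branch in FIXED_RELEASES:
        return "affected" if version < FIXED_RELEASES[branch] else "patched"
    return "eol" if version < OLDEST_FIXED else "unlisted"


def check_php(text: str) -> str:
    """Raw `php -v` output (or a version string) -> advisory status."""
    version = parse_php_version(text)
    return "unknown" if version is None else assess_version(version)


if __name__ == "__main__":
    # Constructed sample output, not from a real host.
    sample = "PHP 8.3.11 (cli) (built: Sep 26 2024 11:16:30) (NTS)"
    print(parse_php_version(sample), check_php(sample))
```

Run it as `php -v | python3 check_php.py` style input on each host, or feed it the version strings collected by your inventory tooling.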
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Security Online - https://securityonline.info/multiple-vulnerabilities-discovered-in-php-prompting-urgent-security-updates/