IT security researcher Charles Fol found two errors in PHP database modules that he was able to use to run his code. Weaknesses affect everyone PHP-Copies from currently maintained version trees including 7.4.29And the 8.0.19 And the 8.1.6.
The first vulnerability (CVE-2022-31625) affects connectivity to postgreSQL databases. By using an incorrectly initialized array to store database query parameters, attackers can destroy the heap and execute their own (malicious) code on the target system if certain types of data are cleverly combined. However, in order to exploit the vulnerability, they would also need to be able to run their PHP code on the target system.
The second security error can be found in a PHP connection to MySQL and has been given the CVE-2022-31626 identifier. Here, Fol exploits a buffer overflow in PHP’s own MySQL implementation to execute the injected code.
side conditions
However, one condition must also be met here in order to be able to enter malicious code: the target server must establish a connection to a specially prepared MySQL server, which also uses a particularly long password of more than 4000 characters.
Security service provider Tenable has assigned a CVSS score of 9.8 (Critical) for each of the bugs, and believes they can be exploited remotely without authentication. Even with a somewhat more cautious assessment, the security gaps still reached a level of 7.8 points and therefore represented a high risk.
In the new PHP versions 7.4.30, 8.0.20 and 8.1.7, the PHP suite has fixed both issues. Above all, administrators running hosting servers must update quickly to reduce the risk of server takeover. However, at the time of writing, only Alpine Linux and Fedora have updated their PHP packages.
(DMK)
