PHPUnit CVE-2017-9841 Arbitrary Code Execution Vulnerability



PHPUnit is prone to an arbitrary code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.
PHPUnit versions prior to 4.8.28 and 5.x versions prior to 5.6.3 are vulnerable.

Information

Bugtraq ID: 101798
Class: Design Error
CVE: CVE-2017-9841

Remote: Yes
Local: No
Published: Jun 27 2017 12:00AM
Updated: Nov 13 2017 09:06PM
Credit: David Mudrák
Vulnerable: Phpunit Project Phpunit 5.6
Phpunit Project Phpunit 3.3.12
Phpunit Project Phpunit 3.3.11
Phpunit Project Phpunit 3.3.10
Phpunit Project Phpunit 3.3.5
Phpunit Project Phpunit 3.3.4
Phpunit Project Phpunit 3.3.7
Phpunit Project Phpunit 3.3.6
Phpunit Project Phpunit 3.3.3
Phpunit Project Phpunit 3.3.2
Phpunit Project Phpunit 3.3.1
Phpunit Project Phpunit 3.3.0
Moodle Moodle 3.3.1
Moodle Moodle 3.2.4
Moodle Moodle 3.1.7
Moodle Moodle 3.1.4
Moodle Moodle 3.1.3
Moodle Moodle 3.1.2
Moodle Moodle 3.1.1
Moodle Moodle 3.3
Moodle Moodle 3.2.3
Moodle Moodle 3.2.2
Moodle Moodle 3.2.1
Moodle Moodle 3.2
Moodle Moodle 3.1.6
Moodle Moodle 3.1.5
Moodle Moodle 3.1


Not Vulnerable: Phpunit Project Phpunit 5.6.3
Phpunit Project Phpunit 4.8.28
Moodle Moodle 3.3.2
Moodle Moodle 3.2.5
Moodle Moodle 3.1.8


Exploit


The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.

