Fedora 9 : maniadrive-1.2-13.fc9 / php-5.2.9-2.fc9 (2009-3848)

critical Nessus Plugin ID 38957

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-5557) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the 'background color' argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had 'display_errors' enabled, a remote attacker able to set a specially crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP.
(CVE-2008-5814) A flaw was found in the handling of the 'mbstring.func_overload' configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script.
(CVE-2009-1271) A flaw was found in the use of the uw-imap library by the PHP 'imap' extension. This could cause the PHP interpreter to crash if the 'imap' extension was used to read specially crafted mail messages with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php http://www.php.net/ChangeLog-5.php#5.2.9

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected maniadrive and / or php packages.

See Also

http://www.php.net/ChangeLog-5.php#5.2.9

http://www.php.net/releases/5_2_7.php

http://www.php.net/releases/5_2_8.php

http://www.php.net/releases/5_2_9.php

https://bugzilla.redhat.com/show_bug.cgi?id=452808

https://bugzilla.redhat.com/show_bug.cgi?id=459529

https://bugzilla.redhat.com/show_bug.cgi?id=459572

https://bugzilla.redhat.com/show_bug.cgi?id=474824

https://bugzilla.redhat.com/show_bug.cgi?id=478425

https://bugzilla.redhat.com/show_bug.cgi?id=478848

https://bugzilla.redhat.com/show_bug.cgi?id=479272

https://bugzilla.redhat.com/show_bug.cgi?id=494530

http://www.nessus.org/u?9da9790c

http://www.nessus.org/u?9dfb87a7

Plugin Details

Severity: Critical

ID: 38957

File Name: fedora_2009-3848.nasl

Version: 1.20

Type: local

Agent: unix

Published: 6/1/2009

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:maniadrive, p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/21/2009

Vulnerability Publication Date: 6/23/2008

Reference Information

CVE: CVE-2008-2829, CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5658, CVE-2009-0754, CVE-2009-1271

BID: 29829, 30649, 31612, 32625, 32948, 33002, 33542

CWE: 119, 134, 20, 200, 22

FEDORA: 2009-3848