Debian DSA-020-1 : php4 - remote DOS and remote information leak

medium Nessus Plugin ID 14857

Synopsis

The remote Debian host is missing a security-related update.

Description

The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis which leads to a remote attacker crafting an HTTP request that would cause the next page to be served with the wrong values for these directives. Also even if PHP is installed, it can be activated and deactivated on a per-directory or per-virtual host basis using the 'engine=on' or 'engine=off' directive. This setting can be leaked to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server.

Solution

Upgrade the affected php4 package.

See Also

http://www.debian.org/security/2001/dsa-020

Plugin Details

Severity: Medium

ID: 14857

File Name: debian_DSA-020.nasl

Version: 1.19

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:php4, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/25/2001

Vulnerability Publication Date: 4/9/2004

Reference Information

CVE: CVE-2001-0108, CVE-2001-1385

DSA: 020