FreeBSD : php -- readfile() DoS vulnerability (07f3fe15-a9de-11d9-a788-0001020eed82)

low Nessus Plugin ID 18832

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A SUSE Security advisory reports:

A bug in the readfile() function of php4 could be used to crash the httpd running the php4 code when accessing files with a multiple of the architecture's page size, leading to a denial of service.

Solution

Update the affected packages.

See Also

https://bugs.php.net/bug.php?id=27037

https://www.suse.com/support/security/advisories/2005_06_sr/

http://www.nessus.org/u?78d0a82f

Plugin Details

Severity: Low

ID: 18832

File Name: freebsd_pkg_07f3fe15a9de11d9a7880001020eed82.nasl

Version: 1.20

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php, p-cpe:/a:freebsd:freebsd:mod_php4, p-cpe:/a:freebsd:freebsd:mod_php4-twig, p-cpe:/a:freebsd:freebsd:php4, p-cpe:/a:freebsd:freebsd:php4-cgi, p-cpe:/a:freebsd:freebsd:php4-cli, p-cpe:/a:freebsd:freebsd:php4-dtc, p-cpe:/a:freebsd:freebsd:php4-horde, p-cpe:/a:freebsd:freebsd:php4-nms, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 4/10/2005

Vulnerability Publication Date: 1/25/2004

Reference Information

CVE: CVE-2005-0596

BID: 12665