FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

medium Nessus Plugin ID 21527

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Hardened-PHP Project Security Advisory reports :

When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code.

This new injection vulnerability is cause by not properly handling the situation, when certain XML tags are nested in the parsed document, that were never meant to be nested at all. This can be easily exploited in a way, that user-input is placed outside of string delimiters within the evaluation string, which obviously results in arbitrary code execution.

Note that several applications contains an embedded version on XML_RPC, therefor making them the vulnerable to the same code injection vulnerability.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 21527

File Name: freebsd_pkg_e65ad1bf0d8b11da90d000304823c0d3.nasl

Version: 1.15

Type: local

Family: FreeBSD Local Security Checks

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:pear-xml_rpc, p-cpe:/a:freebsd:freebsd:b2evolution, p-cpe:/a:freebsd:freebsd:phpgroupware, p-cpe:/a:freebsd:freebsd:phpmyfaq, p-cpe:/a:freebsd:freebsd:egroupware, p-cpe:/a:freebsd:freebsd:phpadsnew, p-cpe:/a:freebsd:freebsd:drupal, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/15/2005

Vulnerability Publication Date: 8/15/2005

Reference Information

CVE: CVE-2005-2498

Detections

Analytics