FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)

medium Nessus Plugin ID 25207

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The PHP development team reports :

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 :

- Fixed CVE-2007-1001, GD wbmp used with invalid image size

- Fixed asciiz byte truncation inside mail()

- Fixed a bug in mb_parse_str() that can be used to activate register_globals

- Fixed unallocated memory access/double free in in array_user_key_compare()

- Fixed a double free inside session_regenerate_id()

- Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.

- Limit nesting level of input variables with max_input_nesting_level as fix for.

- Fixed CRLF injection inside ftp_putcmd().

- Fixed a possible super-global overwrite inside import_request_variables().

- Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only :

- Fixed a header injection via Subject and To parameters to the mail() function

- Fixed wrong length calculation in unserialize S type.

- Fixed substr_compare and substr_count information leak.

- Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().

- Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only :

- XSS in phpinfo()

Solution

Update the affected packages.

See Also

http://www.php.net/releases/4_4_7.php

http://www.php.net/releases/5_2_2.php

http://www.nessus.org/u?7a96ec71

Plugin Details

Severity: Medium

ID: 25207

File Name: freebsd_pkg_f5e52bf5fc7711db8163000e0c2e438a.nasl

Version: 1.13

Type: local

Published: 5/11/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php, p-cpe:/a:freebsd:freebsd:mod_php4, p-cpe:/a:freebsd:freebsd:mod_php4-twig, p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php4, p-cpe:/a:freebsd:freebsd:php4-cgi, p-cpe:/a:freebsd:freebsd:php4-cli, p-cpe:/a:freebsd:freebsd:php4-dtc, p-cpe:/a:freebsd:freebsd:php4-horde, p-cpe:/a:freebsd:freebsd:php4-nms, p-cpe:/a:freebsd:freebsd:php4-odbc, p-cpe:/a:freebsd:freebsd:php4-session, p-cpe:/a:freebsd:freebsd:php4-shmop, p-cpe:/a:freebsd:freebsd:php4-wddx, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, p-cpe:/a:freebsd:freebsd:php5-dtc, p-cpe:/a:freebsd:freebsd:php5-horde, p-cpe:/a:freebsd:freebsd:php5-imap, p-cpe:/a:freebsd:freebsd:php5-nms, p-cpe:/a:freebsd:freebsd:php5-odbc, p-cpe:/a:freebsd:freebsd:php5-session, p-cpe:/a:freebsd:freebsd:php5-shmop, p-cpe:/a:freebsd:freebsd:php5-sqlite, p-cpe:/a:freebsd:freebsd:php5-wddx, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/7/2007

Vulnerability Publication Date: 5/3/2007

Reference Information

CVE: CVE-2007-1001