openSUSE 10 Security Update : php5 (php5-2687)

critical Nessus Plugin ID 27390

Synopsis

The remote openSUSE host is missing a security update.

Description

CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.

CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2007-0909: Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows attackers to 'clobber' certain super-global variables via unspecified vectors.

CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

CVE-2006-6383: PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ';' in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

This update also adds a further fix for open_basedir that stops its setting from being mixed up in a virtual host environment.

Solution

Update the affected php5 packages.

Plugin Details

Severity: Critical

ID: 27390

File Name: suse_php5-2687.nasl

Version: 1.14

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:php5-mhash, p-cpe:/a:novell:opensuse:php5, p-cpe:/a:novell:opensuse:php5-sysvmsg, p-cpe:/a:novell:opensuse:php5-wddx, p-cpe:/a:novell:opensuse:php5-fastcgi, p-cpe:/a:novell:opensuse:php5-gd, p-cpe:/a:novell:opensuse:php5-dba, p-cpe:/a:novell:opensuse:php5-exif, p-cpe:/a:novell:opensuse:php5-bcmath, p-cpe:/a:novell:opensuse:php5-ftp, p-cpe:/a:novell:opensuse:php5-pear, p-cpe:/a:novell:opensuse:php5-mysql, p-cpe:/a:novell:opensuse:php5-zip, p-cpe:/a:novell:opensuse:php5-xmlrpc, p-cpe:/a:novell:opensuse:php5-pgsql, cpe:/o:novell:opensuse:10.1, p-cpe:/a:novell:opensuse:php5-sysvshm, p-cpe:/a:novell:opensuse:php5-odbc, p-cpe:/a:novell:opensuse:php5-imap, cpe:/o:novell:opensuse:10.2, p-cpe:/a:novell:opensuse:php5-curl, p-cpe:/a:novell:opensuse:php5-mbstring, p-cpe:/a:novell:opensuse:php5-soap, p-cpe:/a:novell:opensuse:php5-iconv, p-cpe:/a:novell:opensuse:php5-mysqli, p-cpe:/a:novell:opensuse:php5-devel, p-cpe:/a:novell:opensuse:apache2-mod_php5, p-cpe:/a:novell:opensuse:php5-ldap, p-cpe:/a:novell:opensuse:php5-dom

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 3/2/2007

Reference Information

CVE: CVE-2006-6383, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0911

CWE: 20