Fedora 9 : php-5.2.6-2.fc9 (2008-3606)

critical Nessus Plugin ID 33231

Synopsis

The remote Fedora host is missing a security update.

Description

This release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue.
(CVE-2008-2051) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user's session ID would be included in the form data and passed to that website. (CVE-2007-5899) It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

http://www.php.net/releases/5_2_6.php

https://bugzilla.redhat.com/show_bug.cgi?id=445003

https://bugzilla.redhat.com/show_bug.cgi?id=445006

https://bugzilla.redhat.com/show_bug.cgi?id=445684

https://bugzilla.redhat.com/show_bug.cgi?id=445685

http://www.nessus.org/u?5e191822

http://www.nessus.org/u?8cc428e7

Plugin Details

Severity: Critical

ID: 33231

File Name: fedora_2008-3606.nasl

Version: 1.19

Type: local

Agent: unix

Published: 6/24/2008

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2008

Reference Information

CVE: CVE-2008-0599, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108

BID: 29009

CWE: 189

FEDORA: 2008-3606