Synopsis
The remote Fedora host is missing a security update.
Description
This release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_5.php http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. An attacker could use this flaw to conduct cross-site scripting attack against users of such browsers. (CVE-2007-5898) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user's session ID would be included in the form data and passed to that website. (CVE-2007-5899) It was discovered that PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782) It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected php package.
Plugin Details
File Name: fedora_2008-3864.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:8
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 6/20/2008