Detections
Analytics
FreeBSD : php -- multiple vulnerabilities (27d01223-c457-11dd-a721-0030843d3802)
high Nessus Plugin ID 35051
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Secunia reports :Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
An input validation error exists within the 'ZipArchive::extractTo()' function when extracting ZIP archives. This can be exploited to extract files to arbitrary locations outside the specified directory via directory traversal sequences in a specially crafted ZIP archive.
An error in the included PCRE library can be exploited to cause a buffer overflow.
The problem is that the 'BG(page_uid)' and 'BG(page_gid)' variables are not initialized. No further information is currently available.
The problem is that the 'php_value' order is incorrect for Apache configurations. No further information is currently available.
An error in the GD library can be exploited to cause a crash via a specially crafted font file.
Solution
Update the affected package.See Also
http://www.php.net/ChangeLog-5.php#5.2.7
Plugin Details
Severity: High
ID: 35051
File Name: freebsd_pkg_27d01223c45711dda7210030843d3802.nasl
Version: 1.16
Type: local
Family: FreeBSD Local Security Checks
Published: 12/8/2008
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:php5, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 12/7/2008
Vulnerability Publication Date: 12/4/2008
Reference Information
CVE: CVE-2008-2371, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660