Mandriva Linux Security Advisory : php (MDVSA-2008:126)

critical Nessus Plugin ID 37584

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A number of vulnerabilities have been found and corrected in PHP :

PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed (CVE-2007-1649).

A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation (CVE-2007-4660).

The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898).

The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 37584

File Name: mandriva_MDVSA-2008-126.nasl

Version: 1.22

Type: local

Family: Mandriva Local Security Checks

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-openssl, p-cpe:/a:mandriva:linux:php-zlib, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/3/2008

Reference Information

CVE: CVE-2007-1649, CVE-2007-4660, CVE-2007-5898, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2829

BID: 23105, 25498, 26403, 29829

CWE: 119, 189, 200, 399

MDVSA: 2008:126

Detections

Analytics