Mandriva Linux Security Advisory : php (MDVSA-2009:303)

high Nessus Plugin ID 48159

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in php-5.2.11 :

The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments (CVE-2009-3557).

The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file (CVE-2009-3558).

PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017).

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018).

Intermittent segfaults occured on x86_64 with the latest phpmyadmin and with apache (#53735).

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Solution

Update the affected packages.

See Also

https://qa.mandriva.com/53735

Plugin Details

Severity: High

ID: 48159

File Name: mandriva_MDVSA-2009-303.nasl

Version: 1.14

Type: local

Published: 7/30/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:php-mysql, p-cpe:/a:mandriva:linux:php-mysqli, p-cpe:/a:mandriva:linux:php-ncurses, p-cpe:/a:mandriva:linux:php-odbc, p-cpe:/a:mandriva:linux:php-openssl, p-cpe:/a:mandriva:linux:php-optimizer, p-cpe:/a:mandriva:linux:php-pcntl, p-cpe:/a:mandriva:linux:apache-mod_php, p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-apc, p-cpe:/a:mandriva:linux:php-apc-admin, p-cpe:/a:mandriva:linux:php-bcmath, p-cpe:/a:mandriva:linux:php-bz2, p-cpe:/a:mandriva:linux:php-calendar, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-ctype, p-cpe:/a:mandriva:linux:php-curl, p-cpe:/a:mandriva:linux:php-dba, p-cpe:/a:mandriva:linux:php-dbase, p-cpe:/a:mandriva:linux:php-dbx, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-dio, p-cpe:/a:mandriva:linux:php-dom, p-cpe:/a:mandriva:linux:php-eaccelerator, p-cpe:/a:mandriva:linux:php-eaccelerator-admin, p-cpe:/a:mandriva:linux:php-exif, p-cpe:/a:mandriva:linux:php-fam, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-fileinfo, p-cpe:/a:mandriva:linux:php-filepro, p-cpe:/a:mandriva:linux:php-filter, p-cpe:/a:mandriva:linux:php-ftp, p-cpe:/a:mandriva:linux:php-gd, p-cpe:/a:mandriva:linux:php-gettext, p-cpe:/a:mandriva:linux:php-pdo, p-cpe:/a:mandriva:linux:php-pdo_dblib, p-cpe:/a:mandriva:linux:php-pdo_mysql, p-cpe:/a:mandriva:linux:php-pdo_odbc, p-cpe:/a:mandriva:linux:php-gmp, p-cpe:/a:mandriva:linux:php-hash, p-cpe:/a:mandriva:linux:php-iconv, p-cpe:/a:mandriva:linux:php-idn, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-ini, p-cpe:/a:mandriva:linux:php-json, p-cpe:/a:mandriva:linux:php-ldap, p-cpe:/a:mandriva:linux:php-mbstring, p-cpe:/a:mandriva:linux:php-mcal, p-cpe:/a:mandriva:linux:php-mcrypt, p-cpe:/a:mandriva:linux:php-mhash, p-cpe:/a:mandriva:linux:php-mime_magic, p-cpe:/a:mandriva:linux:php-ming, p-cpe:/a:mandriva:linux:php-mssql, p-cpe:/a:mandriva:linux:php-pdo_pgsql, p-cpe:/a:mandriva:linux:php-pdo_sqlite, p-cpe:/a:mandriva:linux:php-pgsql, p-cpe:/a:mandriva:linux:php-posix, p-cpe:/a:mandriva:linux:php-pspell, p-cpe:/a:mandriva:linux:php-readline, p-cpe:/a:mandriva:linux:php-recode, p-cpe:/a:mandriva:linux:php-sasl, p-cpe:/a:mandriva:linux:php-session, p-cpe:/a:mandriva:linux:php-shmop, p-cpe:/a:mandriva:linux:php-snmp, p-cpe:/a:mandriva:linux:php-soap, p-cpe:/a:mandriva:linux:php-sockets, p-cpe:/a:mandriva:linux:php-sqlite, p-cpe:/a:mandriva:linux:php-ssh2, p-cpe:/a:mandriva:linux:php-suhosin, p-cpe:/a:mandriva:linux:php-sybase, p-cpe:/a:mandriva:linux:php-sysvmsg, p-cpe:/a:mandriva:linux:php-sysvsem, p-cpe:/a:mandriva:linux:php-sysvshm, p-cpe:/a:mandriva:linux:php-tclink, p-cpe:/a:mandriva:linux:php-tidy, p-cpe:/a:mandriva:linux:php-tokenizer, p-cpe:/a:mandriva:linux:php-translit, p-cpe:/a:mandriva:linux:php-vld, p-cpe:/a:mandriva:linux:php-wddx, p-cpe:/a:mandriva:linux:php-xattr, p-cpe:/a:mandriva:linux:php-xdebug, p-cpe:/a:mandriva:linux:php-xml, p-cpe:/a:mandriva:linux:php-xmlreader, p-cpe:/a:mandriva:linux:php-xmlrpc, p-cpe:/a:mandriva:linux:php-xmlwriter, p-cpe:/a:mandriva:linux:php-xsl, p-cpe:/a:mandriva:linux:php-zip, p-cpe:/a:mandriva:linux:php-zlib, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/28/2009

Reference Information

CVE: CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018

BID: 37079, 37138

CWE: 264

MDVSA: 2009:303