Detections
Analytics

Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:048)

medium Nessus Plugin ID 61839

Language:

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file uploads. PHP saves uploaded files in a temporary directory on the server, using a temporary name that is referenced as the variable $FOO where 'FOO' is the name of the file input tag in the submitted form.
Many PHP scripts process $FOO without taking measures to ensure that it is in fact a file that resides in the temporary directory. Because of this, it is possible for a remote attacker to supply an arbitrary file name as the value for $FOO by submitting a standard form input tag by that name, and thus cause the PHP script to process arbitrary files. The vulnerability exists in various scripts, and not necessarily with PHP itself, as the script determines what actions to perform on the uploaded file. The new versions of both PHP3 and PHP4 make it easier to secure scripts from this particular vulnerability.
They include a new function that makes it easy to determine whether a certain filename is a temporary uploaded file or not :

/* Text whether a file is an uploaded file or not */ is_uploaded_file($path);

While there is no security vulnerability with PHP3 and PHP4, this upgrade is offered as a convenience because it includes the above illustrated method of file testing.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 61839

File Name: mandrake_MDKSA-2000-048.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:imap, p-cpe:/a:mandriva:linux:imap-devel, p-cpe:/a:mandriva:linux:mod_php3, p-cpe:/a:mandriva:linux:mod_php3-imap, p-cpe:/a:mandriva:linux:mod_php3-ldap, p-cpe:/a:mandriva:linux:mod_php3-manual, p-cpe:/a:mandriva:linux:mod_php3-mysql, p-cpe:/a:mandriva:linux:mod_php3-pgsql, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 9/13/2000

Reference Information

CVE: CVE-2000-0860

MDKSA: 2000:048