Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the 'html_entity_decode()' function with untrusted input from the user and displayed the result. (CVE-2006-1490)

The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208)

An input validation error was found in the 'mb_send_mail()' function.
An attacker could use this flaw to inject arbitrary headers in a mail sent via a script calling the 'mb_send_mail()' function where the 'To' parameter can be controlled by the attacker. (CVE-2005-3883)

A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. This issue only affected Red Hat Enterprise Linux 3. (CVE-2005-2933).

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

According to its banner, the version of PHP 5.1.x installed on the remote host is older than 5.1.2.  Such versions may be affected by multiple vulnerabilities :

  - A format string vulnerability exists in the     error-reporting feature of the mysqli extension.
    (CVE-2006-0200)

  - Multiple HTTP response splitting vulnerabilities exist     that would allow remote attackers to inject arbitrary     HTTP headers via a crafted Set-Cookie header.     (CVE-2006-0207)

  - Multiple cross-site scripting vulnerabilities exist when     display_errors and html_errors are on. (CVE-2006-0208)

The remote host is affected by the vulnerability described in GLSA-200603-22 (PHP: Format string and XSS vulnerabilities)

    Stefan Esser of the Hardened PHP project has reported a few     vulnerabilities found in PHP:
    Input passed to the session     ID in the session extension isn't properly sanitised before being     returned to the user via a 'Set-Cookie' HTTP header, which can contain     arbitrary injected data.
    A format string error while     processing error messages using the mysqli extension in version 5.1 and     above.
  Impact :

    By sending a specially crafted request, a remote attacker can     exploit this vulnerability to inject arbitrary HTTP headers, which will     be included in the response sent to the user. The format string     vulnerability may be exploited to execute arbitrary code.
  Workaround :

    There is no known workaround at this time.

バナーによると、リモートホストにインストールされている PHP 5.1.x のバージョンは 5.1.2 より前です。そのようなバージョンは、以下の複数の脆弱性の影響を受けることがあります。

  - mysqli 拡張のエラーレポート機能に書式文字列の脆弱性が存在します。
    （CVE-2006-0200）

  - 複数のHTTP応答分割の脆弱性が存在し、リモートの攻撃者が、細工されたSet-Cookieヘッダーを通じて、任意のHTTPヘッダーを挿入する可能性があります。（CVE-2006-0207）

  - display_errorsおよびhtml_errorsがオンであると、複数のクロスサイトスクリプティングの脆弱性が存在します。（CVE-2006-0208）

バナーによると、リモートホストでインストールされている PHP のバージョンは、4.4.2 より前です。このようなバージョンは、display_errors と html_errors がオンの場合、複数のクロスサイトスクリプティング脆弱性の影響を受ける可能性があります。

根據其標題，遠端主機上安裝的 PHP 5.1.x 版本比 5.1.2 舊。這些版本可能受到多個弱點影響：

  - mysqli 延伸模組的錯誤報告功能中存在一個格式字串弱點。
    (CVE-2006-0200)

  - 存在多個 HTTP 回應分割弱點，這些弱點將允許遠端攻擊者透過特製的 Set-Cookie 標頭來插入任意 HTTP 標頭。(CVE-2006-0207)

  - 當 display_errors 和 html_errors 啟動時，存在多個跨網站指令碼弱點。(CVE-2006-0208)

根据其标题，远程主机上安装的 PHP 5.1.x 版本低于 5.1.2。此类版本可能受到多种漏洞的影响：

  - mysqli 扩展的错误报告功能中存在一个格式字符串漏洞。
    (CVE-2006-0200)

  - 存在多个 HTTP 响应拆分漏洞，这些漏洞允许远程攻击者通过构建的 Set-Cookie 标头来注入任意 HTTP 标头。(CVE-2006-0207)

  - 当 display_errors 和 html_errors 启动时，存在多个跨站脚本漏洞。(CVE-2006-0208)

根據其標題，遠端主機上安裝的 PHP 版本舊於 4.4.2。display_errors 和 html_errors 啟動時，這些版本可能受到多個跨網站指令碼弱點影響。

根据其标题，远程主机上安装的 PHP 版本早于 4.4.2。启用 display_errors 和 html_errors 时，此类版本可能受到多种跨站脚本漏洞的影响。

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
(CVE-2006-0207)

Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in 'certain error conditions.' (CVE-2006-0208). This issue does not affect Corporate Server 2.1.

Updated packages are patched to address these issues. Users must execute 'service httpd restart' for the new PHP modules to be loaded by Apache.

Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting (forging of arbitrary responses on behalf the PHP application) and Cross Site Scripting (XSS) (execution of arbitrary web script code in the client's browser) attacks. (CVE-2006-0207)

PHP applications were also vulnerable to several Cross Site Scripting (XSS) flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems. (CVE-2006-0208).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP installed on the remote host is older than 4.4.2.  Such versions are potentially affected by multiple cross-site scripting vulnerabilities when display_errors and html_errors are on.

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)

The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. (CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow in the handling of the 'break' parameter. An attacker who could control the string passed to the 'break' parameter could cause a heap overflow. (CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

There is a flaw in the remote UW-IMAP server that allows an authenticated user to execute arbitrary code on the server.  The flaw is in the way that UW-IMAP handles quoted mailbox names.  Specifically, an attacker supplying a long mailbox name which only contained one '"' would be able to overwrite memory and execute arbitrary code.

ID	Name	Product	Family	Published	Updated	Severity
21287	RHEL 3 / 4 : php (RHSA-2006:0276)	Nessus	Red Hat Local Security Checks	4/26/2006	1/14/2021	high
17712	PHP 5.1.x < 5.1.2 Multiple Vulnerabilities	Nessus	CGI abuses	11/18/2011	5/28/2024	high
21129	GLSA-200603-22 : PHP: Format string and XSS vulnerabilities	Nessus	Gentoo Local Security Checks	3/23/2006	1/6/2021	medium
17712	PHP 5.1.x < 5.1.2の複数の脆弱性	Nessus	CGI abuses	11/18/2011	5/28/2024	high
17709	PHP < 4.4.2 の複数の XSS 脆弱性	Nessus	CGI abuses : XSS	11/18/2011	5/28/2024	low
17712	PHP 5.1.x < 5.1.2 多個弱點	Nessus	CGI abuses	11/18/2011	5/28/2024	high
17712	PHP 5.1.x < 5.1.2 多个漏洞	Nessus	CGI abuses	11/18/2011	5/28/2024	high
17709	PHP < 4.4.2 多個 XSS 弱點	Nessus	CGI abuses : XSS	11/18/2011	5/28/2024	low
17709	PHP < 4.4.2 多种 XSS 漏洞	Nessus	CGI abuses : XSS	11/18/2011	5/28/2024	low
20849	Mandrake Linux Security Advisory : php (MDKSA-2006:028)	Nessus	Mandriva Local Security Checks	2/5/2006	1/6/2021	medium
21068	Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-261-1)	Nessus	Ubuntu Local Security Checks	3/13/2006	1/19/2021	medium
17709	PHP < 4.4.2 Multiple XSS Vulnerabilities	Nessus	CGI abuses : XSS	11/18/2011	5/28/2024	low
21594	RHEL 2.1 : php (RHSA-2006:0501)	Nessus	Red Hat Local Security Checks	5/24/2006	1/14/2021	high
21897	CentOS 3 / 4 : php (CESA-2006:0276)	Nessus	CentOS Local Security Checks	7/3/2006	1/4/2021	high
3251	UW-IMAP Quote String Buffer Overflow	Nessus Network Monitor	IMAP Servers	10/5/2005	3/6/2019	medium

Detections

Analytics

Plugins Search

high

high

medium

high

low

high

high

low

low

medium

medium

low

high

high

medium