New php packages are available for Slackware 12.0, 12.1, and -current to fix security issues, as well as make improvements and fix bugs.

The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. 

Mac OS X 10.5.7 contains security fixes for the following products :

  - Apache
  - ATS
  - BIND
  - CFNetwork
  - CoreGraphics
  - Cscope
  - CUPS
  - Disk Images
  - enscript
  - Flash Player plug-in
  - Help Viewer
  - iChat
  - International Components for Unicode
  - IPSec
  - Kerberos
  - Kernel
  - Launch Services
  - libxml
  - Net-SNMP
  - Network Time
  - Networking
  - OpenSSL
  - PHP
  - QuickDraw Manager
  - ruby
  - Safari
  - Spotlight
  - system_cmds
  - telnet
  - Terminal
  - WebKit
  - X11

The remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities)

    Several vulnerabilitites were found in PHP:
    PHP ships a     vulnerable version of the PCRE library which allows for the     circumvention of security restrictions or even for remote code     execution in case of an application which accepts user-supplied regular     expressions (CVE-2008-0674).
    Multiple crash issues in several     PHP functions have been discovered.
    Ryan Permeh reported that     the init_request_info() function in sapi/cgi/cgi_main.c does not     properly consider operator precedence when calculating the length of     PATH_TRANSLATED (CVE-2008-0599).
    An off-by-one error in the     metaphone() function may lead to memory corruption.
    Maksymilian Arciemowicz of SecurityReason Research reported an     integer overflow, which is triggerable using printf() and related     functions (CVE-2008-1384).
    Andrei Nigmatulin reported a     stack-based buffer overflow in the FastCGI SAPI, which has unknown     attack vectors (CVE-2008-2050).
    Stefan Esser reported that PHP     does not correctly handle multibyte characters inside the     escapeshellcmd() function, which is used to sanitize user input before     its usage in shell commands (CVE-2008-2051).
    Stefan Esser     reported that a short-coming in PHP's algorithm of seeding the random     number generator might allow for predictible random numbers     (CVE-2008-2107, CVE-2008-2108).
    The IMAP extension in PHP uses     obsolete c-client API calls making it vulnerable to buffer overflows as     no bounds checking can be done (CVE-2008-2829).
    Tavis Ormandy     reported a heap-based buffer overflow in pcre_compile.c in the PCRE     version shipped by PHP when processing user-supplied regular     expressions (CVE-2008-2371).
    CzechSec reported that specially     crafted font files can lead to an overflow in the imageloadfont()     function in ext/gd/gd.c, which is part of the GD extension     (CVE-2008-3658).
    Maksymilian Arciemowicz of SecurityReason     Research reported that a design error in PHP's stream wrappers allows     to circumvent safe_mode checks in several filesystem-related PHP     functions (CVE-2008-2665, CVE-2008-2666).
    Laurent Gaffie     discovered a buffer overflow in the internal memnstr() function, which     is used by the PHP function explode() (CVE-2008-3659).
    An     error in the FastCGI SAPI when processing a request with multiple dots     preceding the extension (CVE-2008-3660).
  Impact :

    These vulnerabilities might allow a remote attacker to execute     arbitrary code, to cause a Denial of Service, to circumvent security     restrictions, to disclose information, and to manipulate files.
  Workaround :

    There is no known workaround at this time.

According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions of safe_mode in various functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive information. Functions utilizing expand_filepath() may be affected.

It should be noted that this vulnerability is not considered to be serious by the FreeBSD Security Team, since safe_mode and open_basedir are insecure by design and should not be relied upon.

According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities :

  - There is a buffer overflow flaw in the bundled PCRE     library that allows a denial of service attack.
    (CVE-2008-2371)

  - Multiple directory traversal vulnerabilities exist in     functions such as 'posix_access', 'chdir', and 'ftok'     that allow a remote attacker to bypass 'safe_mode'     restrictions. (CVE-2008-2665 and CVE-2008-2666).

  - A buffer overflow flaw in 'php_imap.c' may be triggered     when processing long message headers due to the use of     obsolete API calls. This can be exploited to cause a     denial of service or to execute arbitrary code.
    (CVE-2008-2829)

  - A buffer overflow in the 'imageloadfont' function in     'ext/gd/gd.c' can be triggered when a specially crafted     font is given. This can be exploited to cause a denial     of service or to execute arbitrary code. (CVE-2008-3658)

  - A buffer overflow flaw exists in PHP's internal function     'memnstr' which can be exploited by an attacker using     the delimiter argument to the 'explode' function. This     can be used to cause a denial of service or to execute     arbitrary code. (CVE-2008-3659)

  - When PHP is used as a FastCGI module, an attacker by     requesting a file whose file name extension is preceded     by multiple dots can cause a denial of service.
    (CVE-2008-3660)

  - A heap-based buffer overflow flaw in the mbstring     extension can be triggered via a specially crafted     string containing an HTML entity that is not handled     during Unicode conversion. This can be exploited to     execute arbitrary code.(CVE-2008-5557)

  - Improper initialization of global variables 'page_uid'     and 'page_gid' when PHP is used as an Apache module     allows the bypassing of security restriction due to     SAPI 'php_getuid' function overloading. (CVE-2008-5624)

  - PHP does not enforce the correct restrictions when     'safe_mode' is enabled through a 'php_admin_flag'     setting in 'httpd.conf'. This allows an attacker, by     placing a specially crafted 'php_value' entry in     '.htaccess', to able to write to arbitrary files.
    (CVE-2008-5625)

  - The 'ZipArchive::extractTo' function in the ZipArchive     extension fails to filter directory traversal sequences     from file names. An attacker can exploit this to write     to arbitrary files. (CVE-2008-5658)

  - Under limited circumstances, an attacker can cause a     file truncation to occur when calling the 'dba_replace'     function with an invalid argument. (CVE-2008-7068)

  - A buffer overflow error exists in the function     'date_from_ISO8601' function within file 'xmlrpc.c'     because user-supplied input is improperly validated.
    This can be exploited by a remote attacker to cause a     denial of service or to execute arbitrary code.
    (CVE-2014-8626)

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.7.  Such versions may be affected by several security issues : 

  - Missing initialization of 'BG(page_uid)' and  'BG(page_gid)' when PHP is used as an Apache module may allow for bypassing security restrictions due to SAPI 'php_getuid()' overloading.

  - Incorrect 'php_value' order for Apache configuration may allow bypassing PHP's 'safe_mode' setting.

  - File truncation can occur when calling 'dba_replace()' with an invalid argument.

  - The ZipArchive: extractTo() method in the ZipArchive extension fails to filter directory traversal sequences from file names.

  - There is a buffer overflow in the bundled PCRE library fixed by 7.8. (CVE-2008-2371)

  - A buffer overflow in the 'imageloadfont()' function in 'ext/gd/gd.c' can be triggered when a specially crafted font is given. (CVE-2008-3658)

  - There is a buffer overflow in PHP's internal function 'memnstr()', which is exposed to userspace as 'explode()'. (CVE-2008-3659)

  - When used as a FastCGI module, PHP segfaults when opening a file whose name contains two dots (eg, 'file..php'). (CVE-2008-3660)

  - Multiple directory traversal vulnerabilities in functions such as 'posix_access()', 'chdir()', 'ftok()' may allow a remote attacker to bypass 'safe_mode' restrictions. (CVE-2008-2665 and CVE-2008-2666).

  - A buffer overflow may be triggered when processing long message headers in 'php_imap.c' due to use of an obsolete API call. (CVE-2008-2829)  - A buffer overflow error exists in the function 'date_from_ISO8601' function within file 'xmlrpc.c' because user-supplied input is improperly validated. This can be exploited by a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-8626)

The remote host is running a version of Mac OS X 10.5 that is older than version 10.5.7.  Mac OS X 10.5.7 contains security fixes for the following products : 

- Apache
- ATS
- BIND
- CFNetwork
- CoreGraphics
-Cscope
- CUPS
- Disk Images
- enscript
- Flash player
- Help Viewer
- iChat
- Internation Components for Unicode
- IPSec
- Kerberos
- Kernel
- Launch Services
- libxml
- Net-SNMP
- Network Time
- Networking
- OpenSSL
- PHP
- QuickDraw Manager
- ruby
- Safari
- Spotlight
- system_cmds
- telnet
- WebKit
- X11
- Terminal

According to its banner, the version of PHP installed on the remote host is older than 5.2.7.  Such versions may be affected by several security issues : 

  - Missing initialization of 'BG(page_uid)' and  'BG(page_gid)' when PHP is used as an Apache module may allow for bypassing security restrictions due to SAPI 'php_getuid()' overloading.

  - Incorrect 'php_value' order for Apache configuration may allow bypassing PHP's 'safe_mode' setting.

  - File truncation can occur when calling 'dba_replace()' with an invalid argument.

  - The ZipArchive: extractTo() method in the ZipArchive extension fails to filter directory traversal sequences from file names.

  - There is a buffer overflow in the bundled PCRE library fixed by 7.8. (CVE-2008-2371)

  - A buffer overflow in the 'imageloadfont()' function in 'ext/gd/gd.c' can be triggered when a specially crafted font is given. (CVE-2008-3658)

  - There is a buffer overflow in PHP's internal function 'memnstr()', which is exposed to userspace as 'explode()'. (CVE-2008-3659)

  - When used as a FastCGI module, PHP segfaults when opening a file whose name contains two dots (eg, 'file..php'). (CVE-2008-3660)

  - Multiple directory traversal vulnerabilities in functions such as 'posix_access()', 'chdir()', 'ftok()' may allow a remote attacker to bypass 'safe_mode' restrictions. (CVE-2008-2665 and CVE-2008-2666).

  - A buffer overflow may be triggered when processing long message headers in 'php_imap.c' due to use of an obsolete API call. (CVE-2008-2829)

ID	Name	Product	Family	Published	Updated	Severity
35035	Slackware 12.0 / 12.1 / current : php (SSA:2008-339-01)	Nessus	Slackware Local Security Checks	12/5/2008	1/14/2021	high
38744	Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	5/13/2009	5/28/2024	critical
34787	GLSA-200811-05 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	11/17/2008	1/6/2021	critical
34089	FreeBSD : php -- input validation error in safe_mode (ee6fa2bd-406a-11dd-936a-0015af872849)	Nessus	FreeBSD Local Security Checks	9/5/2008	1/6/2021	medium
35043	PHP 5 < 5.2.7 Multiple Vulnerabilities	Nessus	CGI abuses	12/5/2008	11/22/2024	high
4779	PHP 5.x < 5.2.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	11/17/2014	3/6/2019	high
5023	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Nessus Network Monitor	Generic	8/18/2004	3/6/2019	critical
800792	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection			high
801088	PHP 5 < 5.2.7 Multiple Vulnerabilities	Log Correlation Engine	Web Servers			high

Detections

Analytics

Plugins Search

high

critical

critical

medium

high

high

critical

high

high