Detections
Analytics
PHP 5.3 < 5.3.1 Multiple Vulnerabilities
medium Nessus Plugin ID 42862
Language:
Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.Description
According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues :- Sanity checks are missing in exif processing.
- It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'.
- It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'.
- The 'safe_mode_include_dir' configuration setting may be ignored. (Bug #50063)
- Calling 'popen()' with an invalid mode can cause a crash under Windows. (Bug #44683)
- Provided file uploading is enabled (it is by default), an attacker can upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. By supplying a large number (15,000+) of files, an attacker could cause the web server to stop responding while it processes the file list.
- 'proc_open()' can bypass 'safe_mode_protected_env_vars'.
(Bug #49026)
- An unspecified vulnerability affects the LCG entropy.
Solution
Upgrade to PHP version 5.3.1 or later.See Also
https://www.securityfocus.com/archive/1/507982/30/0/threaded
Plugin Details
Severity: Medium
ID: 42862
File Name: php_5_3_1.nasl
Version: 1.23
Type: remote
Family: CGI abuses
Published: 11/20/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php:php
Required KB Items: www/PHP
Exploit Ease: No exploit is required
Patch Publication Date: 11/19/2009
Reference Information
CVE: CVE-2009-3557, CVE-2009-3559, CVE-2009-4017, CVE-2009-4018, CVE-2010-1128