Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing a security update.

Description :

Updated PHP packages that fix a security issue are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain
a fix for a bug where certain input strings to the metaphone() function
could cause memory corruption.


From Red Hat Security Advisory 2006:0730 :

The Hardened-PHP Project discovered an overflow in the PHP
htmlentities() and htmlspecialchars() routines. If a PHP script used
the vulnerable functions to parse UTF-8 data, a remote attacker
sending a carefully crafted request could trigger the overflow and
potentially execute arbitrary code as the 'apache' user.
(CVE-2006-5465)


From Red Hat Security Advisory 2006:0669 :

A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)

A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the
format string, a remote attacker sending a carefully crafted request
could execute arbitrary code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If a script
was set up to process GIF images from untrusted sources using the gd
extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)

An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486)

See also :

https://oss.oracle.com/pipermail/el-errata/2006-November/000016.html

Solution :

Update the affected php packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67421 ()

Bugtraq ID:

CVE ID: CVE-2006-3016
CVE-2006-4020
CVE-2006-4482
CVE-2006-4484
CVE-2006-4486
CVE-2006-5465