Oracle Linux 3 / 4 : php (ELSA-2007-0155)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2007:0155 :

Updated PHP packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply
nested array. A remote attacker could cause the PHP interpreter to
crash by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processed
data. If a remote attacker was able to pass arbitrary data to PHP's
unserialize() function, they could possibly execute arbitrary code as
the apache user. (CVE-2007-1286)

A flaw was found in the way the mbstring extension set global
variables. A script which used the mb_parse_str() function to set
global variables could be forced to enable the register_globals
configuration option, possibly resulting in global variable injection.
(CVE-2007-1583)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker was able to pass arbitrary data to PHP's
session_decode() function, they could possibly execute arbitrary code
as the apache user. (CVE-2007-1711)

A flaw was discovered in the way PHP's mail() function processed
header data. If a script sent mail using a Subject header containing a
string from an untrusted source, a remote attacker could send bulk
e-mail to unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP images from
an untrusted source could result in arbitrary code execution.
(CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script
that could be forced to write arbitrary string using a JIS font from
an untrusted source could cause the PHP interpreter to crash.
(CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

See also :

https://oss.oracle.com/pipermail/el-errata/2007-April/000121.html
https://oss.oracle.com/pipermail/el-errata/2007-April/000118.html

Solution :

Update the affected php packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67471 ()

Bugtraq ID:

CVE ID: CVE-2007-0455
CVE-2007-1001
CVE-2007-1285
CVE-2007-1286
CVE-2007-1583
CVE-2007-1711
CVE-2007-1718