Oracle Linux 4 / 5 : php (ELSA-2007-0890)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2007:0890 :

Updated PHP packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source
could possibly allow a remote attacker to execute arbitrary code as
the apache user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If
a remote attacker was able to pass arbitrary data to the third
argument of chunk_split they could possibly execute arbitrary code as
the apache user. Note that it is unusual for a PHP script to use the
chunk_script function with a user-supplied third argument.
(CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable website if the victim has first visited a malicious web
page under the control of the attacker, and that page can set a cookie
for the vulnerable website. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote
attacker was able to pass arbitrary data to the money_format function
this could possibly result in an information leak or denial of
service. Note that is is unusual for a PHP script to pass
user-supplied data to the money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker
was able to pass arbitrary data to the wordwrap function this could
possibly result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim
follows an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source
could allow a remote attacker to cause a denial of service.
(CVE-2007-2756)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

See also :

https://oss.oracle.com/pipermail/el-errata/2007-September/000336.html
https://oss.oracle.com/pipermail/el-errata/2007-September/000335.html

Solution :

Update the affected php packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67570 ()

Bugtraq ID: 24268
25498

CVE ID: CVE-2007-2756
CVE-2007-2872
CVE-2007-3799
CVE-2007-3996
CVE-2007-3998
CVE-2007-4658
CVE-2007-4670