GLSA-200412-14 : PHP: Multiple vulnerabilities

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200412-14
(PHP: Multiple vulnerabilities)

Stefan Esser and Marcus Boerger reported several different issues in
the unserialize() function, including serious exploitable bugs in the
way it handles negative references (CAN-2004-1019).
Stefan Esser also discovered that the pack() and unpack() functions are
subject to integer overflows that can lead to a heap buffer overflow
and a heap information leak. Finally, he found that the way
multithreaded PHP handles safe_mode_exec_dir restrictions can be
bypassed, and that various path truncation issues also allow bypassing
path and safe_mode restrictions.
Ilia Alshanetsky found a stack overflow issue in the exif_read_data()
function (CAN-2004-1065). Finally, Daniel Fabian found that addslashes
and magic_quotes_gpc do not properly escape null characters and that
magic_quotes_gpc contains a bug that could lead to one level directory

Impact :

These issues could be exploited by a remote attacker to retrieve web
server heap information, bypass safe_mode or path restrictions and
potentially execute arbitrary code with the rights of the web server
running a PHP application.

Workaround :

There is no known workaround at this time.

Solution :

All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/php-4.3.10'

All mod_php users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/mod_php-4.3.10'

All php-cgi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/php-cgi-4.3.10'

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 10.0
Public Exploit Available : false

Family: Gentoo Local Security Checks

Nessus Plugin ID: 16001 (gentoo_GLSA-200412-14.nasl)

CVE ID: CVE-2004-1019
