Mandrake Linux Security Advisory : php (MDKSA-2005:213)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were discovered in PHP :

An issue with fopen_wrappers.c would not properly restrict access to
other directories when the open_basedir directive included a trailing
slash (CVE-2005-3054); this issue does not affect Corporate Server
2.1.

An issue with the apache2handler SAPI in mod_php could allow an
attacker to cause a Denial of Service via the session.save_path option
in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue
does not affect Corporate Server 2.1.

A Denial of Service vulnerability was discovered in the way that PHP
processes EXIF image data which could allow an attacker to cause PHP
to crash by supplying carefully crafted EXIF image data
(CVE-2005-3353).

A cross-site scripting vulnerability was discovered in the phpinfo()
function which could allow for the injection of JavaScript or HTML
content onto a page displaying phpinfo() output, or to steal data such
as cookies (CVE-2005-3388).

A flaw in the parse_str() function could allow for the enabling of
register_globals, even if it was disabled in the PHP configuration
file (CVE-2005-3389).

A vulnerability in the way that PHP registers global variables during
a file upload request could allow a remote attacker to overwrite the
$GLOBALS array which could potentially lead the execution of arbitrary
PHP commands. This vulnerability only affects systems with
register_globals enabled (CVE-2005-3390).

The updated packages have been patched to address this issue. Once the
new packages have been installed, you will need to restart your Apache
server using 'service httpd restart' in order for the new packages to
take effect ('service httpd2-naat restart' for MNF2).

See also :

http://www.hardened-php.net/advisory_182005.77.html
http://www.hardened-php.net/advisory_192005.78.html
http://www.hardened-php.net/advisory_202005.79.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20445 (mandrake_MDKSA-2005-213.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2491
CVE-2005-3054
CVE-2005-3319
CVE-2005-3353
CVE-2005-3388
CVE-2005-3389
CVE-2005-3390
CVE-2005-3391
CVE-2005-3392

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now