FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Hardened-PHP Project Security Advisory reports :

When the library parses XMLRPC requests/responses, it constructs a
string of PHP code, that is later evaluated. This means any failure to
properly handle the construction of this string can result in
arbitrary execution of PHP code.

This new injection vulnerability is cause by not properly handling the
situation, when certain XML tags are nested in the parsed document,
that were never meant to be nested at all. This can be easily
exploited in a way, that user-input is placed outside of string
delimiters within the evaluation string, which obviously results in
arbitrary code execution.

Note that several applications contains an embedded version on
XML_RPC, therefor making them the vulnerable to the same code
injection vulnerability.

See also :

http://www.nessus.org/u?7c00f82b
http://www.nessus.org/u?2e38c06a
http://drupal.org/files/sa-2005-004/advisory.txt
http://sourceforge.net/project/shownotes.php?release_id=349626
http://www.hardened-php.net/advisory_142005.66.html
http://www.hardened-php.net/advisory_152005.67.html
http://www.phpmyfaq.de/advisory_2005-08-15.php
http://www.nessus.org/u?a14b4779

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21527 (freebsd_pkg_e65ad1bf0d8b11da90d000304823c0d3.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2498

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now