Mandrake Linux Security Advisory : php (MDKSA-2006:162)

critical Nessus Plugin ID 23906

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.

Updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 23906

File Name: mandrake_MDKSA-2006-162.nasl

Version: 1.20

Type: local

Published: 12/16/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-imap, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/7/2006

Vulnerability Publication Date: 8/17/2006

Reference Information

CVE: CVE-2006-4481, CVE-2006-4484, CVE-2006-4485

BID: 19582

MDKSA: 2006:162