Mandrake Linux Security Advisory : php (MDKSA-2007:048)

critical Nessus Plugin ID 24695

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A number of vulnerabilities were discovered in the PHP language.

Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user (CVE-2007-0906).

A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script (CVE-2007-0907).

The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets (CVE-2007-0908).

The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability (CVE-2007-0909).

Several flaws in PHP could allow attackers to clobber certain super-global variables via unspecified vectors (CVE-2007-0910).

The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script (CVE-2007-0988).

Updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 24695

File Name: mandrake_MDKSA-2007-048.nasl

Version: 1.18

Type: local

Published: 2/23/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-odbc, p-cpe:/a:mandriva:linux:php-session, cpe:/o:mandriva:linux:2006, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2/22/2007

Reference Information

CVE: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, CVE-2007-1380

CWE: 20, 399

MDKSA: 2007:048