Mandrake Linux Security Advisory : php (MDKSA-2007:048)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were discovered in PHP language.

Many buffer overflow flaws were discovered in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. An attacker able to use a PHP application using any of these
functions could trigger these flaws and possibly execute arbitrary
code as the apache user (CVE-2007-0906).

A one-byte memory read will always occur prior to the beginning of a
buffer, which could be triggered, for example, by any use of the
header() function in a script (CVE-2007-0907).

The wddx extension, if used to import WDDX data from an untrusted
source, may allow a random portion of heap memory to be exposed due to
certain WDDX input packets (CVE-2007-0908).

The odbc_result_all() function, if used to display data from a
database, and if the contents of the database are under the control of
an attacker, could lead to the execution of arbitrary code due to a
format string vulnerability (CVE-2007-0909).

Several flaws in the PHP could allow attackers to clobber certain
super-global variables via unspecified vectors (CVE-2007-0910).

The zend_hash_init() function can be forced into an infinite loop if
unserializing untrusted data on a 64-bit platform, resulting in the
consumption of CPU resources until the script timeout alarm aborts the
execution of the script (CVE-2007-0988).

Updated package have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 24695 (mandrake_MDKSA-2007-048.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
CVE-2007-1380

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now