Mandrake Linux Security Advisory : php (MDKSA-2007:089)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images from
an untrusted source could result in arbitrary code execution
(CVE-2007-1001).

A DoS flaw was found in how PHP processed a deeply nested array. A
remote attacker could cause the PHP intrerpreter to creash by
submitting an input variable with a deeply nested array
(CVE-2007-1285).

A vulnerability in the way the mbstring extension set global variables
was discovered where a script using the mb_parse_str() function to set
global variables could be forced to to enable the register_globals
configuration option, possibly resulting in global variable injection
(CVE-2007-1583).

A vulnerability in how PHP's mail() function processed header data was
discovered. If a script sent mail using a subject header containing a
string from an untrusted source, a remote attacker could send bulk
email to unintended recipients (CVE-2007-1718).

A buffer overflow in the sqlite_decode_function() in the bundled
sqlite library could allow context-dependent attackers to execute
arbitrary code (CVE-2007-1887).

Updated packages have been patched to correct these issues. Also note
that the default use of the Hardened PHP patch helped to protect
against some of these issues prior to patching.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 25113 (mandrake_MDKSA-2007-089.nasl)

Bugtraq ID: 22764
23016
23145
23357

CVE ID: CVE-2007-1001
CVE-2007-1285
CVE-2007-1583
CVE-2007-1717
CVE-2007-1718
CVE-2007-1887

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now