GLSA-200804-19 : PHP Toolkit: Data disclosure and Denial of Service

low Nessus Plugin ID 32012

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200804-19 (PHP Toolkit: Data disclosure and Denial of Service)

Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the 'tr' command, which could convert the '-D PHP5' argument in the 'APACHE2_OPTS' setting in the file /etc/conf.d/apache2 to lower case.
Impact :

An attacker could entice a system administrator to run 'emerge php' or call 'php-select -t apache2 php5' directly in a directory containing a lower case single-character named file, which would prevent Apache from loading mod_php and thereby disclose PHP source code and cause a Denial of Service.
Workaround :

Do not run 'emerge' or 'php-select' from a working directory which contains a lower case single-character named file.

Solution

All PHP Toolkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/php-toolkit-1.0.1'

See Also

https://security.gentoo.org/glsa/200804-19

Plugin Details

Severity: Low

ID: 32012

File Name: gentoo_GLSA-200804-19.nasl

Version: 1.15

Type: local

Published: 4/22/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Low

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:php-toolkit, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 4/17/2008

Reference Information

CVE: CVE-2008-1734

CWE: 20

GLSA: 200804-19