Fedora 9 : maniadrive-1.2-13.fc9 / php-5.2.9-2.fc9 (2009-3848)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Update to PHP 5.2.9

A heap-based buffer overflow flaw was found in PHP's mbstring
extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP
interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-5557)

A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could
allow an attacker to write arbitrary files anywhere the PHP process
has write permissions. (CVE-2008-5658)

A buffer overflow flaw was found in PHP's imageloadfont function. If a
PHP script allowed a remote attacker to load a carefully crafted font
file, it could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-3658)

A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values
as the 'background color' argument of the function could, possibly,
view portions of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had 'display_errors' enabled,
a remote attacker able to set a specially crafted cookie on a victim's
system could possibly inject arbitrary HTML into an error message
generated by PHP. (CVE-2008-5814)

A flaw was found in the handling of the 'mbstring.func_overload'
configuration setting. A value set for one virtual host, or in a
user's .htaccess file, was incorrectly applied to other virtual hosts
on the same server, causing the handling of multibyte character
strings to not work correctly. (CVE-2009-0754)

A flaw was found in PHP's json_decode function. A remote attacker
could use this flaw to create a specially crafted string which could
cause the PHP interpreter to crash while being decoded in a PHP
script. (CVE-2009-1271)

A flaw was found in the use of the uw-imap library by the PHP 'imap'
extension. This could cause the PHP interpreter to crash if the 'imap'
extension was used to read specially crafted mail messages with long
headers. (CVE-2008-2829)

http://www.php.net/releases/5_2_7.php
http://www.php.net/releases/5_2_8.php
http://www.php.net/releases/5_2_9.php
http://www.php.net/ChangeLog-5.php#5.2.9

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.php.net/ChangeLog-5.php#5.2.9
http://www.php.net/releases/5_2_7.php
http://www.php.net/releases/5_2_8.php
http://www.php.net/releases/5_2_9.php
https://bugzilla.redhat.com/show_bug.cgi?id=452808
https://bugzilla.redhat.com/show_bug.cgi?id=459529
https://bugzilla.redhat.com/show_bug.cgi?id=459572
https://bugzilla.redhat.com/show_bug.cgi?id=474824
https://bugzilla.redhat.com/show_bug.cgi?id=478425
https://bugzilla.redhat.com/show_bug.cgi?id=478848
https://bugzilla.redhat.com/show_bug.cgi?id=479272
https://bugzilla.redhat.com/show_bug.cgi?id=494530
http://www.nessus.org/u?9da9790c
http://www.nessus.org/u?9dfb87a7

Solution :

Update the affected maniadrive and / or php packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 38957 (fedora_2009-3848.nasl)

Bugtraq ID: 29829, 30649, 31612, 32625, 32948, 33002, 33542

CVE ID: CVE-2008-2829, CVE-2008-3658, CVE-2008-3660, CVE-2008-5498,
CVE-2008-5557, CVE-2008-5658, CVE-2009-0754, CVE-2009-1271
