FreeBSD : pecl-phar -- format string vulnerability (da3d381b-0ee6-11e0-becc-0022156e8794)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Entry for CVE-2010-2094 says :

Multiple format string vulnerabilities in the phar extension in PHP
5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive
information (memory contents) and possibly execute arbitrary code via
a crafted phar:// URI that is not properly handled by the (1)
phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4)
phar_wrapper_open_url functions in ext/phar/stream.c; and the (5)
phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers
errors in the php_stream_wrapper_log_error function.

PECL source code for PHAR extension shares the same code, so it is
vulnerable too.

See also :

http://www.nessus.org/u?7758038f
http://www.nessus.org/u?8c91f223
http://www.nessus.org/u?246338fe
http://www.nessus.org/u?dba86c39
http://www.nessus.org/u?37ec1fc4
http://www.nessus.org/u?405b83c0

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56499 ()

Bugtraq ID:

CVE ID: CVE-2010-2094

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now