Mandriva Linux Security Advisory : php (MDVSA-2012:065)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been identified and fixed in php :

The PDORow implementation in PHP before 5.3.9 does not properly
interact with the session feature, which allows remote attackers to
cause a denial of service (application crash) via a crafted
application that uses a PDO driver for a fetch and then calls the
session_start function, as demonstrated by a crash of the Apache HTTP
Server (CVE-2012-0788). Note: this was fixed with php-5.3.10.

The php_register_variable_ex function in php_variables.c in PHP 5.3.9
allows remote attackers to execute arbitrary code via a request
containing a large number of variables, related to improper handling
of array variables. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed
with php-5.3.10.

PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment
variables, which makes it easier for remote attackers to conduct SQL
injection attacks via a crafted request, related to
main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c
(CVE-2012-0831).

Insufficient validation of the upload name leads to corrupted $_FILES
indices (CVE-2012-1172).

The updated php packages have been upgraded to 5.3.11 which is not
vulnerable to these issues.

Stack-based buffer overflow in the suhosin_encrypt_single_cookie
function in the transparent cookie-encryption feature in the Suhosin
extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and
suhosin.multiheader are enabled, might allow remote attackers to
execute arbitrary code via a long string that is used in a Set-Cookie
HTTP header (CVE-2012-0807). The php-suhosin packages have been
upgraded to the 0.9.33 version which is not affected by this issue.

Additionally, some of the PECL extensions have been upgraded to their
latest respective versions, which resolve various upstream bugs.

See also :

http://www.php.net/ChangeLog-5.php#5.3.10
http://www.php.net/ChangeLog-5.php#5.3.11

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 58890

Bugtraq ID: 51574
51830
51952
51954
53403

CVE ID: CVE-2012-0788
CVE-2012-0807
CVE-2012-0830
CVE-2012-0831
CVE-2012-1172
