Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:048)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based
file uploads. PHP saves uploaded files in a temporary directory on the
server, using a temporary name that is referenced as the variable $FOO
where 'FOO' is the name of the file input tag in the submitted form.
Many PHP scripts process $FOO without taking measures to ensure that
it is in fact a file that resides in the temporary directory. Because
of this, it is possible for a remote attacker to supply an arbitrary
file name as the value for $FOO by submitting a standard form input
tag by that name, and thus cause the PHP script to process arbitrary
files. The vulnerability exists in various scripts, and not
necessarily with PHP itself, as the script determines what actions to
perform on the uploaded file. The new versions of both PHP3 and PHP4
make it easier to secure scripts from this particular vulnerability.
They include a new function that makes it easy to determine whether a
certain filename is a temporary uploaded file or not :

/* Text whether a file is an uploaded file or not */
is_uploaded_file($path);

While there is no security vulnerability with PHP3 and PHP4, this
upgrade is offered as a convenience because it includes the above
illustrated method of file testing.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61839 ()

Bugtraq ID:

CVE ID: CVE-2000-0860

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now