FreeBSD : php -- readfile() DoS vulnerability (07f3fe15-a9de-11d9-a788-0001020eed82)

Low Nessus Plugin ID 18832


The remote FreeBSD host is missing one or more security-related updates.


A SUSE Security advisory reports :

A bug in the readfile() function of php4 could be used to to crash the httpd running the php4 code when accessing files with a multiple of the architectures page size leading to a denial of service.


Update the affected packages.

See Also

Plugin Details

Severity: Low

ID: 18832

File Name: freebsd_pkg_07f3fe15a9de11d9a7880001020eed82.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/07/13

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php, p-cpe:/a:freebsd:freebsd:mod_php4, p-cpe:/a:freebsd:freebsd:mod_php4-twig, p-cpe:/a:freebsd:freebsd:php4, p-cpe:/a:freebsd:freebsd:php4-cgi, p-cpe:/a:freebsd:freebsd:php4-cli, p-cpe:/a:freebsd:freebsd:php4-dtc, p-cpe:/a:freebsd:freebsd:php4-horde, p-cpe:/a:freebsd:freebsd:php4-nms, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/04/10

Vulnerability Publication Date: 2004/01/25

Reference Information

CVE: CVE-2005-0596

BID: 12665