Mandrake Linux Security Advisory : php (MDKSA-2005:213)

High Nessus Plugin ID 20445

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7


The remote Mandrake Linux host is missing one or more security updates.


A number of vulnerabilities were discovered in PHP :

An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1.

An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1.

A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353).

A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388).

A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389).

A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390).

The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using 'service httpd restart' in order for the new packages to take effect ('service httpd2-naat restart' for MNF2).


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 20445

File Name: mandrake_MDKSA-2005-213.nasl

Version: 1.18

Type: local

Published: 2006/01/15

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:lib64php_common432, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:libphp_common432, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-exif, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php432-devel, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/11/16

Reference Information

CVE: CVE-2005-2491, CVE-2005-3054, CVE-2005-3319, CVE-2005-3353, CVE-2005-3388, CVE-2005-3389, CVE-2005-3390, CVE-2005-3391, CVE-2005-3392

MDKSA: 2005:213