FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

Medium Nessus Plugin ID 21527


The remote FreeBSD host is missing one or more security-related updates.


A Hardened-PHP Project Security Advisory reports :

When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code.

This new injection vulnerability is cause by not properly handling the situation, when certain XML tags are nested in the parsed document, that were never meant to be nested at all. This can be easily exploited in a way, that user-input is placed outside of string delimiters within the evaluation string, which obviously results in arbitrary code execution.

Note that several applications contains an embedded version on XML_RPC, therefor making them the vulnerable to the same code injection vulnerability.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 21527

File Name: freebsd_pkg_e65ad1bf0d8b11da90d000304823c0d3.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2006/05/13

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:b2evolution, p-cpe:/a:freebsd:freebsd:drupal, p-cpe:/a:freebsd:freebsd:eGroupWare, p-cpe:/a:freebsd:freebsd:pear-XML_RPC, p-cpe:/a:freebsd:freebsd:phpAdsNew, p-cpe:/a:freebsd:freebsd:phpgroupware, p-cpe:/a:freebsd:freebsd:phpmyfaq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/08/15

Vulnerability Publication Date: 2005/08/15

Reference Information

CVE: CVE-2005-2498