FreeBSD : php -- multiple vulnerabilities (7fcf1727-be71-11db-b2ec-000c6ec775d9)

critical Nessus Plugin ID 24365

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Multiple vulnerabilities have been found in PHP, including buffer overflows, stack overflows, format string vulnerabilities, and information disclosure vulnerabilities.

The session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.

Solution

Update the affected packages.

See Also

http://www.php.net/releases/4_4_5.php

http://www.php.net/releases/5_2_1.php

http://www.nessus.org/u?816d763f

Plugin Details

Severity: Critical

ID: 24365

File Name: freebsd_pkg_7fcf1727be7111dbb2ec000c6ec775d9.nasl

Version: 1.18

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mod_php, p-cpe:/a:freebsd:freebsd:mod_php4, p-cpe:/a:freebsd:freebsd:mod_php4-twig, p-cpe:/a:freebsd:freebsd:mod_php5, p-cpe:/a:freebsd:freebsd:php4, p-cpe:/a:freebsd:freebsd:php4-cgi, p-cpe:/a:freebsd:freebsd:php4-cli, p-cpe:/a:freebsd:freebsd:php4-dtc, p-cpe:/a:freebsd:freebsd:php4-horde, p-cpe:/a:freebsd:freebsd:php4-nms, p-cpe:/a:freebsd:freebsd:php4-odbc, p-cpe:/a:freebsd:freebsd:php4-session, p-cpe:/a:freebsd:freebsd:php4-shmop, p-cpe:/a:freebsd:freebsd:php4-wddx, p-cpe:/a:freebsd:freebsd:php5, p-cpe:/a:freebsd:freebsd:php5-cgi, p-cpe:/a:freebsd:freebsd:php5-cli, p-cpe:/a:freebsd:freebsd:php5-dtc, p-cpe:/a:freebsd:freebsd:php5-horde, p-cpe:/a:freebsd:freebsd:php5-imap, p-cpe:/a:freebsd:freebsd:php5-nms, p-cpe:/a:freebsd:freebsd:php5-odbc, p-cpe:/a:freebsd:freebsd:php5-session, p-cpe:/a:freebsd:freebsd:php5-shmop, p-cpe:/a:freebsd:freebsd:php5-sqlite, p-cpe:/a:freebsd:freebsd:php5-wddx, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/17/2007

Vulnerability Publication Date: 2/9/2007

Reference Information

CVE: CVE-2007-0905, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988

Secunia: 24089

CWE: 20, 399