Debian DSA-1264-1 : php4 - several vulnerabilities

critical Nessus Plugin ID 24793
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-0906 It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.

- CVE-2007-0907 It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.

- CVE-2007-0908 Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.

- CVE-2007-0909 It was discovered that a format string vulnerability in the odbc_result_all() functions allows the execution of arbitrary code.

- CVE-2007-0910 It was discovered that super-global variables could be overwritten with session data.

- CVE-2007-0988 Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.

Solution

Upgrade the php4 packages.

For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-19.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-0906

https://security-tracker.debian.org/tracker/CVE-2007-0907

https://security-tracker.debian.org/tracker/CVE-2007-0908

https://security-tracker.debian.org/tracker/CVE-2007-0909

https://security-tracker.debian.org/tracker/CVE-2007-0910

https://security-tracker.debian.org/tracker/CVE-2007-0988

http://www.debian.org/security/2007/dsa-1264

Plugin Details

Severity: Critical

ID: 24793

File Name: debian_DSA-1264.nasl

Version: 1.20

Type: local

Agent: unix

Published: 3/12/2007

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:php4, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/7/2007

Vulnerability Publication Date: 2/25/2006

Reference Information

CVE: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988

DSA: 1264

CWE: 20, 399