PHP < 5.2.3 Multiple Vulnerabilities

High Nessus Plugin ID 25368

Synopsis

The remote web server uses a version of PHP that is affected by multiple flaws.

Description

According to its banner, the version of PHP installed on the remote host is older than 5.2.3. It is, therefore, affected by multiple vulnerabilities:

- A buffer overflow in the sqlite_decode_function() in the bundled sqlite library could allow context-dependent attackers to execute arbitrary code. (CVE-2007-1887)

- A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to inject arbitrary email headers via a special email address. This only affects Mandriva Linux 2007.1.
(CVE-2007-1900)

- An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756)

- An integer overflow flaw was found in the chunk_split() function that ould possibly execute arbitrary code as the apache user if a remote attacker was able to pass arbitrary data to the third argument of chunk_split() (CVE-2007-2872).

- An open_basedir and safe_mode restriction bypass which could allow context-dependent attackers to determine the existence of arbitrary files. (CVE-2007-3007)

Solution

Upgrade to PHP version 5.2.3 or later.

See Also

http://www.php.net/releases/5_2_3.php

Plugin Details

Severity: High

ID: 25368

File Name: php_5_2_3.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 2007/06/02

Updated: 2019/03/27

Dependencies: 48243

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2007-1887

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2007/05/31

Vulnerability Publication Date: 2007/04/07

Reference Information

CVE: CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007

BID: 23235, 23359, 24089, 24259, 24261

CWE: 189, 264