PHP < 5.2.3 Multiple Vulnerabilities
High Nessus Plugin ID 25368
SynopsisThe remote web server uses a version of PHP that is affected by multiple flaws.
DescriptionAccording to its banner, the version of PHP installed on the remote host is older than 5.2.3. It is, therefore, affected by multiple vulnerabilities:
- A buffer overflow in the sqlite_decode_function() in the bundled sqlite library could allow context-dependent attackers to execute arbitrary code. (CVE-2007-1887)
- A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to inject arbitrary email headers via a special email address. This only affects Mandriva Linux 2007.1.
- An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756)
- An integer overflow flaw was found in the chunk_split() function that ould possibly execute arbitrary code as the apache user if a remote attacker was able to pass arbitrary data to the third argument of chunk_split() (CVE-2007-2872).
- An open_basedir and safe_mode restriction bypass which could allow context-dependent attackers to determine the existence of arbitrary files. (CVE-2007-3007)
SolutionUpgrade to PHP version 5.2.3 or later.