Fedora 8 : php-5.2.6-2.fc8 (2008-3864)

critical Nessus Plugin ID 33232

Synopsis

The remote Fedora host is missing a security update.

Description

This release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_5.php http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. An attacker could use this flaw to conduct cross-site scripting attack against users of such browsers. (CVE-2007-5898) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user's session ID would be included in the form data and passed to that website. (CVE-2007-5899) It was discovered that PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782) It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

http://www.php.net/releases/5_2_5.php

http://www.php.net/releases/5_2_6.php

https://bugzilla.redhat.com/show_bug.cgi?id=285881

https://bugzilla.redhat.com/show_bug.cgi?id=382411

https://bugzilla.redhat.com/show_bug.cgi?id=382431

https://bugzilla.redhat.com/show_bug.cgi?id=445003

https://bugzilla.redhat.com/show_bug.cgi?id=445006

https://bugzilla.redhat.com/show_bug.cgi?id=445684

https://bugzilla.redhat.com/show_bug.cgi?id=445685

http://www.nessus.org/u?f2056591

Plugin Details

Severity: Critical

ID: 33232

File Name: fedora_2008-3864.nasl

Version: 1.19

Type: local

Agent: unix

Published: 6/24/2008

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/20/2008

Reference Information

CVE: CVE-2007-4782, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108

BID: 26403, 29009

CWE: 189, 200, 94

FEDORA: 2008-3864