Mandriva Linux Security Advisory : php (MDVSA-2008:126)

Critical Nessus Plugin ID 37584

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A number of vulnerabilities have been found and corrected in PHP :

PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed (CVE-2007-1649).

A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation (CVE-2007-4660).

The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898).

The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 37584

File Name: mandriva_MDVSA-2008-126.nasl

Version: 1.20

Type: local

Published: 2009/04/23

Updated: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-openssl, p-cpe:/a:mandriva:linux:php-zlib, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/07/03

Reference Information

CVE: CVE-2007-1649, CVE-2007-4660, CVE-2007-5898, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2829

BID: 23105, 25498, 26403, 29829

MDVSA: 2008:126

CWE: 119, 189, 200, 399