Mandriva Linux Security Advisory : php (MDVSA-2009:304)

high Nessus Plugin ID 42918
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in php :

PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017).

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 42918

File Name: mandriva_MDVSA-2009-304.nasl

Version: 1.20

Type: local

Published: 11/30/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:libphp5_common5, p-cpe:/a:mandriva:linux:php-bcmath, p-cpe:/a:mandriva:linux:php-bz2, p-cpe:/a:mandriva:linux:php-calendar, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-ctype, p-cpe:/a:mandriva:linux:php-curl, p-cpe:/a:mandriva:linux:php-dba, p-cpe:/a:mandriva:linux:php-dbase, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-dom, p-cpe:/a:mandriva:linux:php-exif, p-cpe:/a:mandriva:linux:php-fcgi, p-cpe:/a:mandriva:linux:php-filter, p-cpe:/a:mandriva:linux:php-ftp, p-cpe:/a:mandriva:linux:php-gd, p-cpe:/a:mandriva:linux:php-gettext, p-cpe:/a:mandriva:linux:php-gmp, p-cpe:/a:mandriva:linux:php-hash, p-cpe:/a:mandriva:linux:php-iconv, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-ini, p-cpe:/a:mandriva:linux:php-json, p-cpe:/a:mandriva:linux:php-ldap, p-cpe:/a:mandriva:linux:php-mbstring, p-cpe:/a:mandriva:linux:php-mcrypt, p-cpe:/a:mandriva:linux:php-mhash, p-cpe:/a:mandriva:linux:php-mime_magic, p-cpe:/a:mandriva:linux:php-ming, p-cpe:/a:mandriva:linux:php-mssql, p-cpe:/a:mandriva:linux:php-mysql, p-cpe:/a:mandriva:linux:php-mysqli, p-cpe:/a:mandriva:linux:php-ncurses, p-cpe:/a:mandriva:linux:php-odbc, p-cpe:/a:mandriva:linux:php-openssl, p-cpe:/a:mandriva:linux:php-pcntl, p-cpe:/a:mandriva:linux:php-pdo, p-cpe:/a:mandriva:linux:php-pdo_dblib, p-cpe:/a:mandriva:linux:php-pdo_mysql, p-cpe:/a:mandriva:linux:php-pdo_odbc, p-cpe:/a:mandriva:linux:php-pdo_pgsql, p-cpe:/a:mandriva:linux:php-pdo_sqlite, p-cpe:/a:mandriva:linux:php-pgsql, p-cpe:/a:mandriva:linux:php-posix, p-cpe:/a:mandriva:linux:php-pspell, p-cpe:/a:mandriva:linux:php-readline, p-cpe:/a:mandriva:linux:php-recode, p-cpe:/a:mandriva:linux:php-session, p-cpe:/a:mandriva:linux:php-shmop, p-cpe:/a:mandriva:linux:php-snmp, p-cpe:/a:mandriva:linux:php-soap, p-cpe:/a:mandriva:linux:php-sockets, p-cpe:/a:mandriva:linux:php-sqlite, p-cpe:/a:mandriva:linux:php-sybase, p-cpe:/a:mandriva:linux:php-sysvmsg, p-cpe:/a:mandriva:linux:php-sysvsem, p-cpe:/a:mandriva:linux:php-sysvshm, p-cpe:/a:mandriva:linux:php-tidy, p-cpe:/a:mandriva:linux:php-tokenizer, p-cpe:/a:mandriva:linux:php-wddx, p-cpe:/a:mandriva:linux:php-xml, p-cpe:/a:mandriva:linux:php-xmlreader, p-cpe:/a:mandriva:linux:php-xmlrpc, p-cpe:/a:mandriva:linux:php-xmlwriter, p-cpe:/a:mandriva:linux:php-xsl, p-cpe:/a:mandriva:linux:php-zlib, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/29/2009

Reference Information

CVE: CVE-2009-4017, CVE-2009-4018, CVE-2009-4022

BID: 37079, 37118, 37138

MDVSA: 2009:304

CWE: 264