Nessus, Tenable, 4779.PRM
History: Nov 17, 2014 - 12:00 a.m.

PHP 5.x < 5.2.7 Multiple Vulnerabilities

Tenable
www.tenable.com

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2.7. Such versions may be affected by several security issues:

  • Missing initialization of ‘BG(page_uid)’ and ‘BG(page_gid)’ when PHP is used as an Apache module may allow for bypassing security restrictions due to SAPI ‘php_getuid()’ overloading.

  • Incorrect ‘php_value’ order for Apache configuration may allow bypassing PHP’s ‘safe_mode’ setting.

  • File truncation can occur when calling ‘dba_replace()’ with an invalid argument.

  • The ‘ZipArchive::extractTo()’ method in the ZipArchive extension fails to filter directory traversal sequences from file names.

  • A buffer overflow exists in the bundled PCRE library, which is fixed in PCRE 7.8. (CVE-2008-2371)

  • A buffer overflow in the ‘imageloadfont()’ function in ‘ext/gd/gd.c’ can be triggered when a specially crafted font is given. (CVE-2008-3658)

  • There is a buffer overflow in PHP’s internal function ‘memnstr()’, which is exposed to userspace as ‘explode()’. (CVE-2008-3659)

  • When used as a FastCGI module, PHP segfaults when opening a file whose name contains two dots (e.g., ‘file..php’). (CVE-2008-3660)

  • Multiple directory traversal vulnerabilities in functions such as ‘posix_access()’, ‘chdir()’, and ‘ftok()’ may allow a remote attacker to bypass ‘safe_mode’ restrictions. (CVE-2008-2665 and CVE-2008-2666)

  • A buffer overflow may be triggered when processing long message headers in ‘php_imap.c’ due to use of an obsolete API call. (CVE-2008-2829)

  • A buffer overflow exists in the ‘date_from_ISO8601’ function in ‘xmlrpc.c’ because user-supplied input is improperly validated. This can be exploited by a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-8626)

Vendor  Product  Version
php     php
