Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2005-564.NASL
HistoryJul 03, 2006 - 12:00 a.m.

CentOS 3 / 4 : php (CESA-2005:564)

2006-07-0300:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
43
JSON

Updated PHP packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the ‘apache’ user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue.

When using the default SELinux ‘targeted’ policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context.

A race condition in temporary file handling was discovered in the shtool script installed by PHP. If a third-party PHP module which uses shtool was compiled as root, a local user may be able to modify arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue.

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:564 and 
# CentOS Errata and Security Advisory 2005:564 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21841);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-1751", "CVE-2005-1921");
  script_bugtraq_id(14088);
  script_xref(name:"RHSA", value:"2005:564");

  script_name(english:"CentOS 3 / 4 : php (CESA-2005:564)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated PHP packages that fix two security issues are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in
PHP. If a PHP script is used which implements an XML-RPC Server using
the PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921
to this issue.

When using the default SELinux 'targeted' policy on Red Hat Enterprise
Linux 4, the impact of this issue is reduced since the scripts
executed by PHP are constrained within the httpd_sys_script_t security
context.

A race condition in temporary file handling was discovered in the
shtool script installed by PHP. If a third-party PHP module which uses
shtool was compiled as root, a local user may be able to modify
arbitrary files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1751 to this issue.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011918.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1cb95481"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011919.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3529b1c9"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011920.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fa8edd70"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011921.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9e964f24"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011922.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4cf76efa"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-July/011923.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?336c8c23"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-domxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-3", reference:"php-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-devel-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-imap-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-ldap-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-mysql-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-odbc-4.3.2-24.ent")) flag++;
if (rpm_check(release:"CentOS-3", reference:"php-pgsql-4.3.2-24.ent")) flag++;

if (rpm_check(release:"CentOS-4", reference:"php-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-devel-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-domxml-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-gd-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-imap-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-ldap-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-mbstring-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-mysql-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-ncurses-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-odbc-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-pear-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-pgsql-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-snmp-4.3.9-3.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-xmlrpc-4.3.9-3.7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc");
}
VendorProductVersionCPE
centoscentosphpp-cpe:/a:centos:centos:php
centoscentosphp-develp-cpe:/a:centos:centos:php-devel
centoscentosphp-domxmlp-cpe:/a:centos:centos:php-domxml
centoscentosphp-gdp-cpe:/a:centos:centos:php-gd
centoscentosphp-imapp-cpe:/a:centos:centos:php-imap
centoscentosphp-ldapp-cpe:/a:centos:centos:php-ldap
centoscentosphp-mbstringp-cpe:/a:centos:centos:php-mbstring
centoscentosphp-mysqlp-cpe:/a:centos:centos:php-mysql
centoscentosphp-ncursesp-cpe:/a:centos:centos:php-ncurses
centoscentosphp-odbcp-cpe:/a:centos:centos:php-odbc
Rows per page:
1-10 of 161

Related

nessus 28
centos 1
redhat 1
debian 8
openvas 21
osv 2
securityvulns 4
gentoo 7
ubuntucve 4
slackware 1
patchstack 1
packetstorm 1
checkpoint_advisories 1
suse 3
wpvulndb 1
exploitpack 1
cve 5
cert 1
freebsd 3
ubuntu 2
exploitdb 1
debiancve 2
nessus
nessus
Fedora Core 3 : php-4.3.11-2.6 (2005-517)
2005-07-06 00:00:00
Fedora Core 4 : php-5.0.4-10.3 (2005-518)
2005-07-06 00:00:00
RHEL 3 / 4 : php (RHSA-2005:564)
2005-07-08 00:00:00
centos
centos
php security update
2005-07-07 20:36:04
redhat
redhat
(RHSA-2005:564) php security update
2005-07-07 00:00:00
debian
debian
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
[SECURITY] [DSA 747-1] New egroupware packages fix remote command execution
2005-07-10 17:41:55
openvas
openvas
Debian Security Advisory DSA 789-1 (php4)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200507-01 (pear-xml_rpc phpxmlrpc)
2008-09-24 00:00:00
osv
osv
php4 - several
2005-08-29 00:00:00
drupal - arbitrary command execution
2005-07-10 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
2005-07-07 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-06-30 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-07-01 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2005-07-04 00:00:00
PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
2005-07-03 00:00:00
phpGroupWare, eGroupWare: PHP script injection vulnerability
2005-07-10 00:00:00
ubuntucve
ubuntucve
CVE-2005-1921
2005-07-05 00:00:00
CVE-2005-1751
2005-05-25 00:00:00
CVE-2005-1759
2005-06-28 00:00:00
slackware
slackware
PHP
2005-07-11 17:25:23
patchstack
patchstack
WordPress <= 1.3.0 - Eval Injection
2005-06-08 00:00:00
packetstorm
packetstorm
PHP XML-RPC Arbitrary Code Execution
2009-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
2015-03-26 00:00:00
suse
suse
remote code execution in php/pear XML::RPC
2005-07-08 15:32:35
remote code execution in php4, php5
2005-08-30 14:35:22
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
wpvulndb
wpvulndb
WordPress <= 1.5.1.2 - XMLRPC Eval Injection
2005-06-29 00:00:00
exploitpack
exploitpack
PHPXMLRPC 1.1 - Remote Code Execution
2015-07-02 00:00:00
cve
cve
CVE-2005-1921
2005-07-05 04:00:00
CVE-2005-1759
2005-06-28 04:00:00
CVE-2005-2498
2005-08-15 04:00:00
cert
cert
Multiple PHP XML-RPC implementations vulnerable to code injection
2005-07-06 00:00:00
freebsd
freebsd
pear-XML_RPC -- arbitrary remote code execution
2005-06-29 00:00:00
drupal -- PHP code execution vulnerabilities
2005-06-29 00:00:00
postnuke -- multiple vulnerabilities
2005-05-27 00:00:00
ubuntu
ubuntu
PHP XMLRPC vulnerability
2005-07-05 00:00:00
PHP4 vulnerabilities
2005-08-21 00:00:00
exploitdb
exploitdb
PHPXMLRPC &lt; 1.1 - Remote Code Execution
2015-07-02 00:00:00
debiancve
debiancve
CVE-2005-1751
2005-05-25 04:00:00
CVE-2005-1759
2005-06-28 04:00:00
JSON
Related for CENTOS_RHSA-2005-564.NASL
nessus28centos1redhat1debian8openvas21osv2securityvulns4gentoo7ubuntucve4slackware1patchstack1packetstorm1checkpoint_advisories1suse3wpvulndb1exploitpack1cve5cert1freebsd3ubuntu2exploitdb1debiancve2