Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-020.NASL
HistorySep 29, 2004 - 12:00 a.m.

Debian DSA-020-1 : php4 - remote DOS and remote information leak

2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
20

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis which leads to a remote attacker crafting an HTTP request that would cause the next page to be served with the wrong values for these directives. Also even if PHP is installed, it can be activated and deactivated on a per-directory or per-virtual host basis using the ‘engine=on’ or ‘engine=off’ directive. This setting can be leaked to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-020. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14857);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2001-0108", "CVE-2001-1385");
  script_xref(name:"DSA", value:"020");

  script_name(english:"Debian DSA-020-1 : php4 - remote DOS and remote information leak");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Zend people have found a vulnerability in older versions of PHP4
(the original advisory speaks of 4.0.4 while the bugs are present in
4.0.3 as well). It is possible to specify PHP directives on a
per-directory basis which leads to a remote attacker crafting an HTTP
request that would cause the next page to be served with the wrong
values for these directives. Also even if PHP is installed, it can be
activated and deactivated on a per-directory or per-virtual host basis
using the 'engine=on' or 'engine=off' directive. This setting can be
leaked to other virtual hosts on the same machine, effectively
disabling PHP for those hosts and resulting in PHP source code being
sent to the client instead of being executed on the server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2001/dsa-020"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected php4 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"php4", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-gd", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-imap", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-ldap", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-mhash", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-mysql", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-pgsql", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-snmp", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-cgi-xml", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-gd", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-imap", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-ldap", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-mhash", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-mysql", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-pgsql", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-snmp", reference:"4.0.3pl1-0potato1.1")) flag++;
if (deb_check(release:"2.2", prefix:"php4-xml", reference:"4.0.3pl1-0potato1.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxphp4p-cpe:/a:debian:debian_linux:php4
debiandebian_linux2.2cpe:/o:debian:debian_linux:2.2

Related

openvas 2
nessus 1
cvelist 2
nvd 2
cve 2
openvas
openvas
Debian Security Advisory DSA 020-1 (php4)
2008-01-17 00:00:00
Debian Security Advisory DSA 020-1 (php4)
2008-01-17 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : php (MDKSA-2001:013)
2012-09-06 00:00:00
cvelist
cvelist
CVE-2001-1385
2003-04-02 05:00:00
CVE-2001-0108
2001-09-18 04:00:00
nvd
nvd
CVE-2001-1385
2001-01-12 05:00:00
CVE-2001-0108
2001-03-12 05:00:00
cve
cve
CVE-2001-1385
2003-04-02 05:00:00
CVE-2001-0108
2001-09-18 04:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON
Related for DEBIAN_DSA-020.NASL
openvas2nessus1cvelist2nvd2cve2