Lucene search
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.FEDORA_2006-289.NASLHistoryJan 17, 2007 - 12:00 a.m.
Fedora Core 5 : php-5.1.4-1 (2006-289)
2007-01-1700:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
21
This update includes the latest release of PHP 5, version 5.1.4. This release includes fixes for several security issues and many bug fixes.
The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)
The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the ‘html_entity_decode()’ function with untrusted input from the user and displayed the result. (CVE-2006-1490)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2006-289.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(24083);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_xref(name:"FEDORA", value:"2006-289");
script_name(english:"Fedora Core 5 : php-5.1.4-1 (2006-289)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora Core host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update includes the latest release of PHP 5, version 5.1.4. This
release includes fixes for several security issues and many bug fixes.
The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). (CVE-2006-0996)
The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the
memory. In order for this issue to be exploitable the target site
would need to have a PHP script which called the
'html_entity_decode()' function with untrusted input from the user and
displayed the result. (CVE-2006-1490)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000073.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?99b87013"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-bcmath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-dba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mbstring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ncurses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pdo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-soap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xmlrpc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
script_set_attribute(attribute:"patch_publication_date", value:"2006/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC5", reference:"php-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-bcmath-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-dba-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-debuginfo-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-devel-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-gd-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-imap-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-ldap-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-mbstring-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-mysql-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-ncurses-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-odbc-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-pdo-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-pgsql-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-snmp-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-soap-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-xml-5.1.4-1")) flag++;
if (rpm_check(release:"FC5", reference:"php-xmlrpc-5.1.4-1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-dba / php-debuginfo / php-devel / php-gd / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | php | p-cpe:/a:fedoraproject:fedora:php |
| fedoraproject | fedora | php-bcmath | p-cpe:/a:fedoraproject:fedora:php-bcmath |
| fedoraproject | fedora | php-dba | p-cpe:/a:fedoraproject:fedora:php-dba |
| fedoraproject | fedora | php-debuginfo | p-cpe:/a:fedoraproject:fedora:php-debuginfo |
| fedoraproject | fedora | php-devel | p-cpe:/a:fedoraproject:fedora:php-devel |
| fedoraproject | fedora | php-gd | p-cpe:/a:fedoraproject:fedora:php-gd |
| fedoraproject | fedora | php-imap | p-cpe:/a:fedoraproject:fedora:php-imap |
| fedoraproject | fedora | php-ldap | p-cpe:/a:fedoraproject:fedora:php-ldap |
| fedoraproject | fedora | php-mbstring | p-cpe:/a:fedoraproject:fedora:php-mbstring |
| fedoraproject | fedora | php-mysql | p-cpe:/a:fedoraproject:fedora:php-mysql |
References
Related
nessus
nessus
GLSA-200605-08 : PHP: Multiple vulnerabilities
2006-05-13 00:00:00
Mandrake Linux Security Advisory : php (MDKSA-2006:063)
2006-04-04 00:00:00
SUSE-SA:2006:024: php4,php5
2006-05-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200605-08 (php)
2008-09-24 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2006-05-08 00:00:00
ubuntucve
ubuntucve
CVE-2006-1490
2006-03-29 00:00:00
CVE-2006-0996
2006-04-10 00:00:00
prion
prion
Design/Logic Flaw
2006-03-29 21:06:00
Cross site scripting
2006-04-10 18:06:00
suse
suse
cross site scripting, information leak in php4,php5
2006-05-05 13:42:01
cve
cve
securityvulns
securityvulns
[Full-disclosure] phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2
2006-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
PHPInfo Large Input Cross-Site Scripting (CVE-2006-0996)
2015-08-25 00:00:00
centos
centos
php security update
2006-04-25 15:25:25
php security update
2006-05-24 01:13:50
redhat
redhat
(RHSA-2006:0276) php security update
2006-04-25 00:00:00
(RHSA-2006:0501) php security update
2006-05-23 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00
seebug
seebug
Apple Mac OS X 2006-007存在多个安全漏洞
2006-11-29 00:00:00
Related for FEDORA_2006-289.NASL