Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-213.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : php (MDKSA-2005:213)

2006-01-1500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
20
JSON

A number of vulnerabilities were discovered in PHP :

An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1.

An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1.

A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353).

A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388).

A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389).

A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390).

The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using ‘service httpd restart’ in order for the new packages to take effect (‘service httpd2-naat restart’ for MNF2).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:213. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20445);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2491", "CVE-2005-3054", "CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3391", "CVE-2005-3392");
  script_xref(name:"MDKSA", value:"2005:213");

  script_name(english:"Mandrake Linux Security Advisory : php (MDKSA-2005:213)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities were discovered in PHP :

An issue with fopen_wrappers.c would not properly restrict access to
other directories when the open_basedir directive included a trailing
slash (CVE-2005-3054); this issue does not affect Corporate Server
2.1.

An issue with the apache2handler SAPI in mod_php could allow an
attacker to cause a Denial of Service via the session.save_path option
in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue
does not affect Corporate Server 2.1.

A Denial of Service vulnerability was discovered in the way that PHP
processes EXIF image data which could allow an attacker to cause PHP
to crash by supplying carefully crafted EXIF image data
(CVE-2005-3353).

A cross-site scripting vulnerability was discovered in the phpinfo()
function which could allow for the injection of JavaScript or HTML
content onto a page displaying phpinfo() output, or to steal data such
as cookies (CVE-2005-3388).

A flaw in the parse_str() function could allow for the enabling of
register_globals, even if it was disabled in the PHP configuration
file (CVE-2005-3389).

A vulnerability in the way that PHP registers global variables during
a file upload request could allow a remote attacker to overwrite the
$GLOBALS array which could potentially lead the execution of arbitrary
PHP commands. This vulnerability only affects systems with
register_globals enabled (CVE-2005-3390).

The updated packages have been patched to address this issue. Once the
new packages have been installed, you will need to restart your Apache
server using 'service httpd restart' in order for the new packages to
take effect ('service httpd2-naat restart' for MNF2)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.hardened-php.net/advisory_182005.77.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.hardened-php.net/advisory_192005.78.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.hardened-php.net/advisory_202005.79.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php_common432");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp_common432");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php432-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64php_common432-4.3.8-3.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libphp_common432-4.3.8-3.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"php-cgi-4.3.8-3.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"php-cli-4.3.8-3.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"php432-devel-4.3.8-3.6.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64php_common432-4.3.10-7.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libphp_common432-4.3.10-7.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php-cgi-4.3.10-7.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php-cli-4.3.10-7.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php432-devel-4.3.10-7.4.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64php5_common5-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libphp5_common5-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-cgi-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-cli-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-devel-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-exif-5.0.4-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-fcgi-5.0.4-9.1.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64php5_common5p-cpe:/a:mandriva:linux:lib64php5_common5
mandrivalinuxlib64php_common432p-cpe:/a:mandriva:linux:lib64php_common432
mandrivalinuxlibphp5_common5p-cpe:/a:mandriva:linux:libphp5_common5
mandrivalinuxlibphp_common432p-cpe:/a:mandriva:linux:libphp_common432
mandrivalinuxphp-cgip-cpe:/a:mandriva:linux:php-cgi
mandrivalinuxphp-clip-cpe:/a:mandriva:linux:php-cli
mandrivalinuxphp-develp-cpe:/a:mandriva:linux:php-devel
mandrivalinuxphp-exifp-cpe:/a:mandriva:linux:php-exif
mandrivalinuxphp-fcgip-cpe:/a:mandriva:linux:php-fcgi
mandrivalinuxphp432-develp-cpe:/a:mandriva:linux:php432-devel
Rows per page:
1-10 of 131

Related

securityvulns 9
openvas 48
nessus 52
gentoo 6
ubuntu 5
centos 8
redhat 5
suse 5
redhatcve 4
cve 11
ubuntucve 11
fedora 1
freebsd 1
debian 9
osv 5
slackware 4
httpd 1
oraclelinux 1
debiancve 1
checkpoint_advisories 2
prion 2
securityvulns
securityvulns
[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)
2006-11-03 00:00:00
MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability
2005-08-28 00:00:00
MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability
2005-08-28 00:00:00
openvas
openvas
PHP -- multiple vulnerabilities
2008-09-04 00:00:00
PHP -- multiple vulnerabilities
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200511-08 (PHP)
2008-09-24 00:00:00
nessus
nessus
GLSA-200511-08 : PHP: Multiple vulnerabilities
2005-11-15 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)
2006-01-21 00:00:00
SUSE-SA:2005:069: php4,php5
2005-12-20 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2005-11-13 00:00:00
libpcre: Heap integer overflow
2005-08-25 00:00:00
Gnumeric: Heap overflow in the included PCRE library
2005-09-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2005-12-23 00:00:00
PHP vulnerability
2005-10-17 00:00:00
PCRE vulnerability
2005-08-25 00:00:00
centos
centos
php security update
2005-11-11 03:54:29
php security update
2005-11-11 01:54:54
php security update
2005-11-10 23:45:48
redhat
redhat
(RHSA-2005:831) php security update
2005-11-10 00:00:00
(RHSA-2005:838) php security update
2005-11-10 00:00:00
(RHSA-2006:0197) python security update
2006-03-09 00:00:00
suse
suse
remote code execution in php4,php5
2005-12-14 16:26:50
remote code execution in pcre
2005-08-30 13:56:51
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
redhatcve
redhatcve
CVE-2005-3319
2015-10-30 09:40:10
CVE-2005-3054
2015-10-30 10:35:04
CVE-2005-3392
2015-10-30 09:51:57
cve
cve
CVE-2005-3391
2005-11-01 12:47:00
CVE-2005-3319
2005-10-27 10:02:00
CVE-2005-3353
2005-11-18 23:03:00
ubuntucve
ubuntucve
CVE-2005-3319
2005-10-27 00:00:00
CVE-2005-3391
2005-11-01 00:00:00
CVE-2005-3353
2005-11-18 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: ca-certificates-2020.2.41-1.1.fc32
2020-06-23 01:23:25
freebsd
freebsd
pcre -- regular expression buffer overflow
2005-08-01 00:00:00
debian
debian
[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution
2005-09-23 00:00:00
[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution
2005-09-23 09:29:05
[SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution
2005-09-02 00:00:00
osv
osv
python2.2 - integer overflow
2005-09-22 00:00:00
python2.3 - integer overflow
2005-09-28 00:00:00
python2.1 - integer overflow
2005-09-23 00:00:00
slackware
slackware
PCRE library
2005-08-30 15:53:53
PHP
2005-08-30 15:54:11
php5 in Slackware 10.1
2005-09-08 15:55:19
httpd
httpd
Apache Httpd < 2.0.55 : PCRE overflow
2005-10-14 00:00:00
oraclelinux
oraclelinux
python security update
2006-11-30 00:00:00
debiancve
debiancve
CVE-2005-2491
2005-08-23 04:00:00
checkpoint_advisories
checkpoint_advisories
PHP POST File Upload PHP GLOBALS Variable Overwrite Security Bypass - Ver2 (CVE-2005-3390)
2014-01-07 00:00:00
PHP POST File Upload PHP GLOBALS Variable Overwrite Security Bypass - Ver2 (CVE-2005-3390)
2014-02-03 00:00:00
prion
prion
Design/Logic Flaw
2009-08-05 19:30:00
Cross site scripting
2007-03-06 20:19:00
JSON
Related for MANDRAKE_MDKSA-2005-213.NASL
securityvulns9openvas48nessus52gentoo6ubuntu5centos8redhat5suse5redhatcve4cve11ubuntucve11fedora1freebsd1debian9osv5slackware4httpd1oraclelinux1debiancve1checkpoint_advisories2prion2