Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-063.NASL
HistoryApr 04, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : php (MDKSA-2006:063)

2006-04-0400:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
24
JSON

A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on which seems to protect against this vulnerability ‘out of the box’ but users are encourages to upgrade regardless.

Once the upgraded packages have been installed, users will need to issue a ‘service httpd restart’ in order for the fixed packages to be properly loaded.

Updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:063. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(21178);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-1490");
  script_xref(name:"MDKSA", value:"2006:063");

  script_name(english:"Mandrake Linux Security Advisory : php (MDKSA-2006:063)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered where the html_entity_decode() function
would return a chunk of memory with length equal to the string
supplied, which could include php code, php ini data, other user data,
etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005
ship with magic_quotes_gpc on which seems to protect against this
vulnerability 'out of the box' but users are encourages to upgrade
regardless.

Once the upgraded packages have been installed, users will need to
issue a 'service httpd restart' in order for the fixed packages to be
properly loaded.

Updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php_common432");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp_common432");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php432-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64php_common432-4.3.10-7.8.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libphp_common432-4.3.10-7.8.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php-cgi-4.3.10-7.8.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php-cli-4.3.10-7.8.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"php432-devel-4.3.10-7.8.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64php5_common5-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libphp5_common5-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-cgi-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-cli-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-devel-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"php-fcgi-5.0.4-9.4.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64php5_common5p-cpe:/a:mandriva:linux:lib64php5_common5
mandrivalinuxlib64php_common432p-cpe:/a:mandriva:linux:lib64php_common432
mandrivalinuxlibphp5_common5p-cpe:/a:mandriva:linux:libphp5_common5
mandrivalinuxlibphp_common432p-cpe:/a:mandriva:linux:libphp_common432
mandrivalinuxphp-cgip-cpe:/a:mandriva:linux:php-cgi
mandrivalinuxphp-clip-cpe:/a:mandriva:linux:php-cli
mandrivalinuxphp-develp-cpe:/a:mandriva:linux:php-devel
mandrivalinuxphp-fcgip-cpe:/a:mandriva:linux:php-fcgi
mandrivalinuxphp432-develp-cpe:/a:mandriva:linux:php432-devel
mandrivalinux2006cpe:/o:mandriva:linux:2006
Rows per page:
1-10 of 111

Related

ubuntucve 1
prion 1
cve 1
nessus 7
openvas 1
gentoo 1
suse 1
centos 1
redhat 1
ubuntu 1
seebug 1
ubuntucve
ubuntucve
CVE-2006-1490
2006-03-29 00:00:00
prion
prion
Design/Logic Flaw
2006-03-29 21:06:00
cve
cve
CVE-2006-1490
2006-03-29 21:06:00
nessus
nessus
Fedora Core 5 : php-5.1.4-1 (2006-289)
2007-01-17 00:00:00
GLSA-200605-08 : PHP: Multiple vulnerabilities
2006-05-13 00:00:00
SUSE-SA:2006:024: php4,php5
2006-05-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200605-08 (php)
2008-09-24 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2006-05-08 00:00:00
suse
suse
cross site scripting, information leak in php4,php5
2006-05-05 13:42:01
centos
centos
php security update
2006-04-25 15:25:25
redhat
redhat
(RHSA-2006:0276) php security update
2006-04-25 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00
seebug
seebug
Apple Mac OS X 2006-007存在多个安全漏洞
2006-11-29 00:00:00
JSON
Related for MANDRAKE_MDKSA-2006-063.NASL
ubuntucve1prion1cve1nessus7openvas1gentoo1suse1centos1redhat1ubuntu1seebug1