MiracleLinux 3 : php-5.1.6-23.2AXS3 (AXSA:2009-38:01)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 PHP package affected by multiple CVEs and denial of service per AXSA:2009-38:01.

Reporter	Title	Published	Views	Family All 286
0day.today	PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability	2 Jan 200900:00	–	zdt
FreeBSD	php -- multiple vulnerabilities	4 Dec 200800:00	–	freebsd
FreeBSD	php5-gd -- uninitialized memory information disclosure vulnerability	24 Dec 200800:00	–	freebsd
FreeBSD	php-mbstring -- php mbstring buffer overflow vulnerability	21 Dec 200800:00	–	freebsd
Tenable Nessus	PHP 4.x < 4.4.9 Multiple Vulnerabilities	11 Aug 200800:00	–	nessus
Tenable Nessus	PHP 5.x < 5.2.7 Multiple Vulnerabilities	17 Nov 201400:00	–	nessus
Tenable Nessus	PHP 5.x < 5.2.9 Multiple Vulnerabilities	2 Mar 200900:00	–	nessus
Tenable Nessus	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	18 Aug 200400:00	–	nessus
Tenable Nessus	CentOS 3 / 4 : php (CESA-2009:0337)	7 Apr 200900:00	–	nessus
Tenable Nessus	CentOS 5 : php (CESA-2009:0338)	6 Jan 201000:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/675
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-38:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284127);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2008-3658",
    "CVE-2008-3660",
    "CVE-2008-5498",
    "CVE-2008-5557",
    "CVE-2008-5814",
    "CVE-2009-0754"
  );

  script_name(english:"MiracleLinux 3 : php-5.1.6-23.2AXS3 (AXSA:2009-38:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2009-38:01 advisory.

    PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write
    dynamically generated webpages. PHP also offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly
    simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
    The php package contains the module which adds support for the PHP language to Apache HTTP Server.
    Fixed bugs:
    CVE-2008-3658
    Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before
    5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute
    arbitrary code via a crafted font file.
    CVE-2008-3660
    PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to
    cause a denial of service (crash) via a request with multiple dots preceding the extension, as
    demonstrated using foo..php.
    CVE-2008-5498
    Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers
    to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the
    bgd_color or clrBack argument) for an indexed image.
    CVE-2008-5557
    Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in
    PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string
    containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1)
    mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
    CVE-2008-5814
    Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is
    enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE:
    because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
    CVE-2009-0754
    PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of
    other sites hosted on the same web server by modifying the mbstring.func_overload setting within
    .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/675");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-5557");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2008-5814");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-oci8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'php-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dba-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-devel-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-imap-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysql-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ncurses-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-oci8-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-snmp-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-5.1.6-23.2AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-devel / etc');
}

14 Jan 2026 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 210

EPSS0.29698

MiracleLinux 3 php package multiple vulnerabilities AXSA 2009 38 01 vulnerability 2008 3658 vulnerability 2008 3660 vulnerability 2008 5498 vulnerability 2008 5557