Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2006-0682.NASL
HistorySep 22, 2006 - 12:00 a.m.

RHEL 2.1 : php (RHSA-2006:0682)

2006-09-2200:00:00
This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)

A buffer overflow was discovered found in the PHP sscanf() function.
If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the ‘apache’ user.
(CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)

An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the ‘memory_limit’ setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2006:0682. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22444);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-3016", "CVE-2006-4020", "CVE-2006-4482", "CVE-2006-4486");
  script_xref(name:"RHSA", value:"2006:0682");

  script_name(english:"RHEL 2.1 : php (RHSA-2006:0682)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)

A buffer overflow was discovered found in the PHP sscanf() function.
If a script used the sscanf() function with positional arguments in
the format string, a remote attacker sending a carefully crafted
request could execute arbitrary code as the 'apache' user.
(CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)

An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also
contain a fix for a bug where certain input strings to the metaphone()
function could cause memory corruption."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-3016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4482"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-4486"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2006:0682"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2006:0682";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-devel-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-imap-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-ldap-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-manual-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-mysql-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-odbc-4.1.2-2.11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"php-pgsql-4.1.2-2.11")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-imap / php-ldap / php-manual / php-mysql / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxphpp-cpe:/a:redhat:enterprise_linux:php
redhatenterprise_linuxphp-develp-cpe:/a:redhat:enterprise_linux:php-devel
redhatenterprise_linuxphp-imapp-cpe:/a:redhat:enterprise_linux:php-imap
redhatenterprise_linuxphp-ldapp-cpe:/a:redhat:enterprise_linux:php-ldap
redhatenterprise_linuxphp-manualp-cpe:/a:redhat:enterprise_linux:php-manual
redhatenterprise_linuxphp-mysqlp-cpe:/a:redhat:enterprise_linux:php-mysql
redhatenterprise_linuxphp-odbcp-cpe:/a:redhat:enterprise_linux:php-odbc
redhatenterprise_linuxphp-pgsqlp-cpe:/a:redhat:enterprise_linux:php-pgsql
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

centos 2
redhat 3
nessus 20
oraclelinux 2
suse 1
ubuntu 3
ubuntucve 4
cve 4
gentoo 1
openvas 18
freebsd 1
osv 2
debian 2
centos
centos
php security update
2006-09-25 01:32:16
php security update
2006-09-21 11:36:12
redhat
redhat
(RHSA-2006:0682) php security update
2006-09-21 00:00:00
(RHSA-2006:0669) php security update
2006-09-21 00:00:00
(RHSA-2006:0688) php security update
2006-10-05 00:00:00
nessus
nessus
CentOS 3 / 4 : php (CESA-2006:0669)
2006-09-22 00:00:00
RHEL 3 / 4 : php (RHSA-2006:0669)
2006-09-22 00:00:00
Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)
2013-07-12 00:00:00
oraclelinux
oraclelinux
Important php security update
2006-11-30 00:00:00
Important php security update
2006-11-30 00:00:00
suse
suse
remote code execution in php4,php5
2006-09-21 10:05:51
ubuntu
ubuntu
PHP vulnerabilities
2006-09-07 00:00:00
PHP vulnerabilities
2006-10-11 00:00:00
PHP vulnerabilities
2006-07-19 00:00:00
ubuntucve
ubuntucve
CVE-2006-3016
2006-06-14 00:00:00
CVE-2006-4486
2006-08-31 00:00:00
CVE-2006-4020
2006-08-08 00:00:00
cve
cve
CVE-2006-3016
2006-06-14 23:02:00
CVE-2006-4486
2006-08-31 21:04:00
CVE-2006-4020
2006-08-08 20:04:00
gentoo
gentoo
PHP: Arbitary code execution
2006-08-29 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200608-28 (php)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-28 (php)
2008-09-24 00:00:00
FreeBSD Ports: php4, php5
2008-09-04 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2006-08-18 00:00:00
osv
osv
php4 - several vulnerabilities
2007-07-07 00:00:00
php4
2006-11-06 00:00:00
debian
debian
[SECURITY] [DSA 1331-1] New php4 packages fix arbitrary code execution
2007-07-07 15:00:42
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities
2006-11-06 18:13:12
JSON
Related for REDHAT-RHSA-2006-0682.NASL
centos2redhat3nessus20oraclelinux2suse1ubuntu3ubuntucve4cve4gentoo1openvas18freebsd1osv2debian2