Lucene search
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-105-1.NASLHistoryJan 15, 2006 - 12:00 a.m.
Ubuntu 4.10 : php4 vulnerabilities (USN-105-1)
2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
20
Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image files, a remote attacker could render the server unavailable by uploading specially crafted images.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-105-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20491);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2005-0524", "CVE-2005-0525");
script_xref(name:"USN", value:"105-1");
script_name(english:"Ubuntu 4.10 : php4 vulnerabilities (USN-105-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Two Denial of Service vulnerabilities have been discovered in the
getimagesize() function. getimagesize() uses format specific internal
functions php_handle_iff() and php_handle_jpeg() which get stuck in
infinite loops when certain (invalid) size parameters are read from
the image. In web applications that allow users to upload arbitrary
image files, a remote attacker could render the server unavailable by
uploading specially crafted images.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-domxml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mcal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mhash");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pear");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-recode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-sybase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-xslt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
script_set_attribute(attribute:"patch_publication_date", value:"2005/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"4.10", pkgname:"libapache2-mod-php4", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-cgi", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-curl", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-dev", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-domxml", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-gd", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-ldap", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mcal", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mhash", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mysql", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-odbc", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-pear", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-recode", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-snmp", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-sybase", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-xslt", pkgver:"4.3.8-3ubuntu7.7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php4 / php4 / php4-cgi / php4-curl / php4-dev / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libapache2-mod-php4 | p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4 |
| canonical | ubuntu_linux | php4 | p-cpe:/a:canonical:ubuntu_linux:php4 |
| canonical | ubuntu_linux | php4-cgi | p-cpe:/a:canonical:ubuntu_linux:php4-cgi |
| canonical | ubuntu_linux | php4-curl | p-cpe:/a:canonical:ubuntu_linux:php4-curl |
| canonical | ubuntu_linux | php4-dev | p-cpe:/a:canonical:ubuntu_linux:php4-dev |
| canonical | ubuntu_linux | php4-domxml | p-cpe:/a:canonical:ubuntu_linux:php4-domxml |
| canonical | ubuntu_linux | php4-gd | p-cpe:/a:canonical:ubuntu_linux:php4-gd |
| canonical | ubuntu_linux | php4-ldap | p-cpe:/a:canonical:ubuntu_linux:php4-ldap |
| canonical | ubuntu_linux | php4-mcal | p-cpe:/a:canonical:ubuntu_linux:php4-mcal |
| canonical | ubuntu_linux | php4-mhash | p-cpe:/a:canonical:ubuntu_linux:php4-mhash |
Related
nessus
nessus
PHP Multiple Image Processing Functions File Handling DoS
2005-04-02 00:00:00
SUSE-SA:2005:023: php4, php5
2005-04-15 00:00:00
GLSA-200504-15 : PHP: Multiple vulnerabilities
2005-04-18 00:00:00
securityvulns
securityvulns
openvas
openvas
Ubuntu: Security Advisory (USN-105-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200504-15 (PHP)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200504-15 (PHP)
2008-09-24 00:00:00
suse
suse
remote denial of service in php4, php5
2005-04-15 09:47:00
ubuntu
ubuntu
PHP4 vulnerabilities
2005-04-05 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2005-04-18 00:00:00
centos
centos
php security update
2005-05-04 17:39:54
php security update
2005-04-28 22:58:33
redhat
redhat
(RHSA-2005:405) PHP security update
2005-04-28 00:00:00
(RHSA-2005:406) PHP security update
2005-05-04 00:00:00
osv
osv
php3 - missing input sanitising
2005-04-15 00:00:00
debian
debian
[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
2005-05-26 11:27:49
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service
2005-04-15 10:42:29
[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
2005-05-26 11:27:49
ubuntucve
ubuntucve
CVE-2005-0525
2005-05-02 00:00:00
CVE-2005-0524
2005-05-02 00:00:00
cve
cve
CVE-2005-0525
2005-05-02 04:00:00
CVE-2005-0524
2005-05-02 04:00:00
Related for UBUNTU_USN-105-1.NASL