Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-147-1.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
13
JSON

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web server’s privileges.

In Ubuntu 5.04 (Hoary Hedgehog), the PEAR extension is unsupported (it is contained in the php4-universe package which is part of universe).
However, since this is a highly critical vulnerability, that package was fixed as well.

Please note that many applications contain a copy of the affected XMLRPC code, which must be fixed separately. The following packages may also be affected, but are unsupported in Ubuntu :

  • drupal - wordpress - phpwiki - horde3 - ewiki - egroupware - phpgroupware

These packages might be fixed by the community later.

The following common third-party applications are affected as well, but not packaged for Ubuntu :

  • Serendipity - Postnuke - tikiwiki - phpwebsite

If you run any affected software, please upgrade them as soon as possible to protect your server.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-147-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20541);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-1921");
  script_bugtraq_id(14088);
  script_xref(name:"USN", value:"147-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A remote code execution vulnerability has been discovered in the
XMLRPC module of the PEAR (PHP Extension and Application Repository)
extension of PHP. By sending specially crafted XMLRPC requests to an
affected web server, a remote attacker could exploit this to execute
arbitrary code with the web server's privileges.

In Ubuntu 5.04 (Hoary Hedgehog), the PEAR extension is unsupported (it
is contained in the php4-universe package which is part of universe).
However, since this is a highly critical vulnerability, that package
was fixed as well.

Please note that many applications contain a copy of the affected
XMLRPC code, which must be fixed separately. The following packages
may also be affected, but are unsupported in Ubuntu :

  - drupal - wordpress - phpwiki - horde3 - ewiki -
    egroupware - phpgroupware

These packages might be fixed by the community later.

The following common third-party applications are affected as well,
but not packaged for Ubuntu :

  - Serendipity - Postnuke - tikiwiki - phpwebsite

If you run any affected software, please upgrade them as soon as
possible to protect your server.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-domxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mcal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mhash");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-sybase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-xslt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"libapache-mod-php4", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapache2-mod-php4", pkgver:"4.3.8-3ubuntu7.9")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4", pkgver:"4.3.8-3ubuntu7.9")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-cgi", pkgver:"4.3.8-3ubuntu7.9")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-curl", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-dev", pkgver:"4.3.8-3ubuntu7.9")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-domxml", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-gd", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-imap", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-ldap", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mcal", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mhash", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-mysql", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-odbc", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-pear", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-recode", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-snmp", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-sybase", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-universe-common", pkgver:"4.3.10-10ubuntu3.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"php4-xslt", pkgver:"4.3.10-10ubuntu3.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache-mod-php4 / libapache2-mod-php4 / php4 / php4-cgi / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibapache-mod-php4p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4
canonicalubuntu_linuxlibapache2-mod-php4p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4
canonicalubuntu_linuxphp4p-cpe:/a:canonical:ubuntu_linux:php4
canonicalubuntu_linuxphp4-cgip-cpe:/a:canonical:ubuntu_linux:php4-cgi
canonicalubuntu_linuxphp4-curlp-cpe:/a:canonical:ubuntu_linux:php4-curl
canonicalubuntu_linuxphp4-devp-cpe:/a:canonical:ubuntu_linux:php4-dev
canonicalubuntu_linuxphp4-domxmlp-cpe:/a:canonical:ubuntu_linux:php4-domxml
canonicalubuntu_linuxphp4-gdp-cpe:/a:canonical:ubuntu_linux:php4-gd
canonicalubuntu_linuxphp4-imapp-cpe:/a:canonical:ubuntu_linux:php4-imap
canonicalubuntu_linuxphp4-ldapp-cpe:/a:canonical:ubuntu_linux:php4-ldap
Rows per page:
1-10 of 221

Related

patchstack 1
openvas 19
packetstorm 1
nessus 25
securityvulns 3
gentoo 6
ubuntucve 2
slackware 1
debian 8
checkpoint_advisories 1
suse 3
wpvulndb 1
exploitpack 1
cve 3
ubuntu 1
freebsd 3
cert 1
exploitdb 1
centos 1
redhat 1
osv 2
patchstack
patchstack
WordPress <= 1.3.0 - Eval Injection
2005-06-08 00:00:00
openvas
openvas
Debian Security Advisory DSA 746-1 (phpgroupware)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200507-07 (phpwebsite)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200507-02 (wordpress)
2008-09-24 00:00:00
packetstorm
packetstorm
PHP XML-RPC Arbitrary Code Execution
2009-10-30 00:00:00
nessus
nessus
GLSA-200507-15 : PHP: Script injection through XML-RPC
2005-07-16 00:00:00
GLSA-200507-02 : WordPress: Multiple vulnerabilities
2005-07-05 00:00:00
GLSA-200507-07 : phpWebSite: Multiple vulnerabilities
2005-07-10 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
2005-07-07 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-06-30 00:00:00
Advisory 02/2005: Remote code execution in Serendipity
2005-07-01 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2005-07-04 00:00:00
PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
2005-07-03 00:00:00
phpWebSite: Multiple vulnerabilities
2005-07-10 00:00:00
ubuntucve
ubuntucve
CVE-2005-1921
2005-07-05 00:00:00
CVE-2005-2498
2005-08-15 00:00:00
slackware
slackware
PHP
2005-07-11 17:25:23
debian
debian
[SECURITY] [DSA 747-1] New egroupware packages fix remote command execution
2005-07-10 17:41:55
[SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
2005-07-14 01:17:31
[SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
2005-07-14 01:17:31
checkpoint_advisories
checkpoint_advisories
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
2015-03-26 00:00:00
suse
suse
remote code execution in php/pear XML::RPC
2005-07-08 15:32:35
remote code execution in php4, php5
2005-08-30 14:35:22
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
wpvulndb
wpvulndb
WordPress <= 1.5.1.2 - XMLRPC Eval Injection
2005-06-29 00:00:00
exploitpack
exploitpack
PHPXMLRPC 1.1 - Remote Code Execution
2015-07-02 00:00:00
cve
cve
CVE-2005-1921
2005-07-05 04:00:00
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-2116
2005-07-05 04:00:00
ubuntu
ubuntu
PHP XMLRPC vulnerability
2005-07-05 00:00:00
freebsd
freebsd
pear-XML_RPC -- arbitrary remote code execution
2005-06-29 00:00:00
drupal -- PHP code execution vulnerabilities
2005-06-29 00:00:00
postnuke -- multiple vulnerabilities
2005-05-27 00:00:00
cert
cert
Multiple PHP XML-RPC implementations vulnerable to code injection
2005-07-06 00:00:00
exploitdb
exploitdb
PHPXMLRPC &lt; 1.1 - Remote Code Execution
2015-07-02 00:00:00
centos
centos
php security update
2005-07-07 20:36:04
redhat
redhat
(RHSA-2005:564) php security update
2005-07-07 00:00:00
osv
osv
drupal - arbitrary command execution
2005-07-10 00:00:00
php4 - several
2005-08-29 00:00:00
JSON
Related for UBUNTU_USN-147-1.NASL
patchstack1openvas19packetstorm1nessus25securityvulns3gentoo6ubuntucve2slackware1debian8checkpoint_advisories1suse3wpvulndb1exploitpack1cve3ubuntu1freebsd3cert1exploitdb1centos1redhat1osv2