Lucene search
Copyright (C) 2008 Greenbone AGOPENVAS:136141256231058345HistoryJan 17, 2008 - 12:00 a.m.
Debian: Security Advisory (DSA-1296-1)
2008-01-1700:00:00
Copyright (C) 2008 Greenbone AG
plugins.openvas.org
3
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.025 Low
EPSS
Percentile
90.0%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.58345");
script_cve_id("CVE-2007-2509");
script_tag(name:"creation_date", value:"2008-01-17 22:17:11 +0000 (Thu, 17 Jan 2008)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"2.6");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N");
script_name("Debian: Security Advisory (DSA-1296-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(3\.1|4)");
script_xref(name:"Advisory-ID", value:"DSA-1296-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2007/DSA-1296-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1296");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'php4' package(s) announced via the DSA-1296-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
For the oldstable distribution (sarge) this problem has been fixed in version 4.3.10-21.
For the stable distribution (etch) this problem has been fixed in version 4.4.4-8+etch3.
For the unstable distribution (sid) this problem won't be fixed, as php4 will be removed from sid, thus you are strongly advised to migrate to php5 if you prefer to follow the unstable distribution.
We recommend that you upgrade your PHP packages. Packages for the Sparc architectures are not yet available, due to problems on the build host. They will be provided later.");
script_tag(name:"affected", value:"'php4' package(s) on Debian 3.1, Debian 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB3.1") {
if(!isnull(res = isdpkgvuln(pkg:"libapache-mod-php4", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php4", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-cgi", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-cli", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-common", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-curl", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-dev", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-domxml", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-gd", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-imap", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-ldap", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mcal", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mhash", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mysql", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-odbc", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-pear", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-recode", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-snmp", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-sybase", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-xslt", ver:"4:4.3.10-21", rls:"DEB3.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"libapache-mod-php4", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libapache2-mod-php4", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-cgi", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-cli", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-common", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-curl", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-dev", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-domxml", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-gd", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-imap", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-interbase", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-ldap", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mcal", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mcrypt", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mhash", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-mysql", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-odbc", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-pear", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-pgsql", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-pspell", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-recode", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-snmp", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-sybase", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"php4-xslt", ver:"6:4.4.4-8+etch3", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
prion
prion
Crlf injection
2007-05-09 00:19:00
ubuntucve
ubuntucve
CVE-2007-2509
2007-05-09 00:00:00
cve
cve
CVE-2007-2509
2007-05-09 00:19:00
debian
debian
[SECURITY] [DSA 1296-1] New php4 packages fix privilege escalation
2007-05-21 17:42:19
[SECURITY] [DSA 1295-1] New php5 packages fix several vulnerabilities
2007-05-19 10:39:36
openvas
openvas
Debian Security Advisory DSA 1296-1 (php4)
2008-01-17 00:00:00
Debian Security Advisory DSA 1295-1 (php5)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1295-1)
2008-01-17 00:00:00
securityvulns
securityvulns
PHP FTP commans injection
2007-03-24 00:00:00
veracode
veracode
CRLF Injection
2020-04-10 00:17:46
nessus
nessus
Debian DSA-1296-1 : php4 - missing input sanitising
2007-05-25 00:00:00
RHEL 4 : php (RHSA-2007:0349)
2007-05-10 00:00:00
Oracle Linux 4 : php (ELSA-2007-0349)
2013-07-12 00:00:00
oraclelinux
oraclelinux
Important: php security update
2007-05-09 00:00:00
Moderate: php security update
2007-09-26 00:00:00
Important: php security update
2007-06-26 00:00:00
osv
osv
php5
2007-05-19 00:00:00
centos
centos
php security update
2007-05-09 15:32:48
php security update
2007-05-10 14:34:11
php security update
2007-10-24 03:08:58
redhat
redhat
(RHSA-2007:0349) Important: php security update
2007-05-09 00:00:00
(RHSA-2007:0355) Important: php security update
2007-05-10 00:00:00
(RHSA-2007:0348) Important: php security update
2007-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.6.fc6
2007-05-14 17:11:53
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6
2007-05-24 05:24:12
ubuntu
ubuntu
PHP vulnerabilities
2007-05-22 00:00:00
f5
f5
K7859 : Multiple PHP vulnerabilities
2013-03-19 00:00:00
SOL7859 - Multiple PHP vulnerabilities
2007-09-16 00:00:00
suse
suse
remote denial of service in php4,php5
2007-07-12 16:26:43
gentoo
gentoo
PHP: Multiple vulnerabilities
2007-05-26 00:00:00
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.025 Low
EPSS
Percentile
90.0%
Related for OPENVAS:136141256231058345