RedHat Update for php RHSA-2014:0311-01 - PHP buffer overflow and file access issue
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Oracle linux | php security update | 18 Mar 201400:00 | – | oraclelinux |
Oracle linux | kdelibs security update | 24 Nov 200900:00 | – | oraclelinux |
RedHat Linux | (RHSA-2014:0311) Critical: php security update | 18 Mar 201400:00 | – | redhat |
RedHat Linux | (RHSA-2009:1601) Critical: kdelibs security update | 24 Nov 200900:00 | – | redhat |
RedHat Linux | (RHSA-2014:0312) Critical: php security update | 18 Mar 201400:00 | – | redhat |
OpenVAS | RedHat Update for php RHSA-2014:0311-01 | 20 Mar 201400:00 | – | openvas |
OpenVAS | CentOS Update for php CESA-2014:0311 centos5 | 20 Mar 201400:00 | – | openvas |
OpenVAS | CentOS Update for php CESA-2014:0311 centos5 | 20 Mar 201400:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2014-0311) | 6 Oct 201500:00 | – | openvas |
OpenVAS | FreeBSD Ports: php5 | 24 Jan 201100:00 | – | openvas |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2014-March/msg00027.html |
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.871140");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2014-03-20 09:52:19 +0530 (Thu, 20 Mar 2014)");
script_cve_id("CVE-2006-7243", "CVE-2009-0689");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("RedHat Update for php RHSA-2014:0311-01");
script_tag(name:"affected", value:"php on Red Hat Enterprise Linux (v. 5 server)");
script_tag(name:"insight", value:"PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)
It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"RHSA", value:"2014:0311-01");
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00027.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'php'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"php", rpm:"php~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-common", rpm:"php-common~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-debuginfo", rpm:"php-debuginfo~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-ncurses", rpm:"php-ncurses~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.1.6~44.el5_10", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo