Lucene search

K

CentOS Update for php CESA-2009:0337 centos3 i386

🗓️ 09 Aug 2011 00:00:00Reported by Copyright (C) 2011 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 43 Views

The remote host is missing an update for the 'php' package(s) announced via the referenced advisory. A heap-based buffer overflow flaw, a flaw in the handling of the 'mbstring.func_overload' configuration setting, a buffer overflow flaw, a flaw in the way PHP handled certain file extensions when running in FastCGI mode, and a memory disclosure flaw were found in PHP

Show more
Related
Refs
Code
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2009-April/015722.html");
  script_oid("1.3.6.1.4.1.25623.1.0.880871");
  script_version("2023-07-12T05:05:04+0000");
  script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name:"CESA", value:"2009:0337");
  script_cve_id("CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2009-0754");
  script_name("CentOS Update for php CESA-2009:0337 centos3 i386");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'php'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS3");
  script_tag(name:"affected", value:"php on CentOS 3");
  script_tag(name:"insight", value:"PHP is an HTML-embedded scripting language commonly used with the Apache
  HTTP Web server.

  A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
  remote attacker able to pass arbitrary input to a PHP script using mbstring
  conversion functions could cause the PHP interpreter to crash or,
  possibly, execute arbitrary code. (CVE-2008-5557)

  A flaw was found in the handling of the 'mbstring.func_overload'
  configuration setting. A value set for one virtual host, or in a user's
  .htaccess file, was incorrectly applied to other virtual hosts on the same
  server, causing the handling of multibyte character strings to not work
  correctly. (CVE-2009-0754)

  A buffer overflow flaw was found in PHP's imageloadfont function.  If a PHP
  script allowed a remote attacker to load a carefully crafted font file, it
  could cause the PHP interpreter to crash or, possibly, execute arbitrary
  code. (CVE-2008-3658)

  A flaw was found in the way PHP handled certain file extensions when
  running in FastCGI mode. If the PHP interpreter was being executed via
  FastCGI, a remote attacker could create a request which would cause the PHP
  interpreter to crash. (CVE-2008-3660)

  A memory disclosure flaw was found in the PHP gd extension's imagerotate
  function. A remote attacker able to pass arbitrary values as the
  'background color' argument of the function could, possibly, view portions
  of the PHP interpreter's memory. (CVE-2008-5498)

  All php users are advised to upgrade to these updated packages, which
  contain backported patches to resolve these issues. The httpd web server
  must be restarted for the changes to take effect.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS3")
{

  if ((res = isrpmvuln(pkg:"php", rpm:"php~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Aug 2011 00:00Current
8High risk
Vulners AI Score8
CVSS210
EPSS0.146
43
.json
Report