CentOS Update for php CESA-2009:0337 centos3 i386

2011-08-0900:00:00

plugins.openvas.org

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.7%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2009-April/015722.html");
  script_oid("1.3.6.1.4.1.25623.1.0.880871");
  script_version("2023-07-12T05:05:04+0000");
  script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name:"CESA", value:"2009:0337");
  script_cve_id("CVE-2008-3658", "CVE-2008-3660", "CVE-2008-5498", "CVE-2008-5557", "CVE-2009-0754");
  script_name("CentOS Update for php CESA-2009:0337 centos3 i386");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'php'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS3");
  script_tag(name:"affected", value:"php on CentOS 3");
  script_tag(name:"insight", value:"PHP is an HTML-embedded scripting language commonly used with the Apache
  HTTP Web server.

  A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
  remote attacker able to pass arbitrary input to a PHP script using mbstring
  conversion functions could cause the PHP interpreter to crash or,
  possibly, execute arbitrary code. (CVE-2008-5557)

  A flaw was found in the handling of the 'mbstring.func_overload'
  configuration setting. A value set for one virtual host, or in a user's
  .htaccess file, was incorrectly applied to other virtual hosts on the same
  server, causing the handling of multibyte character strings to not work
  correctly. (CVE-2009-0754)

  A buffer overflow flaw was found in PHP's imageloadfont function.  If a PHP
  script allowed a remote attacker to load a carefully crafted font file, it
  could cause the PHP interpreter to crash or, possibly, execute arbitrary
  code. (CVE-2008-3658)

  A flaw was found in the way PHP handled certain file extensions when
  running in FastCGI mode. If the PHP interpreter was being executed via
  FastCGI, a remote attacker could create a request which would cause the PHP
  interpreter to crash. (CVE-2008-3660)

  A memory disclosure flaw was found in the PHP gd extension's imagerotate
  function. A remote attacker able to pass arbitrary values as the
  'background color' argument of the function could, possibly, view portions
  of the PHP interpreter's memory. (CVE-2008-5498)

  All php users are advised to upgrade to these updated packages, which
  contain backported patches to resolve these issues. The httpd web server
  must be restarted for the changes to take effect.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS3")
{

  if ((res = isrpmvuln(pkg:"php", rpm:"php~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~4.3.2~51.ent", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}