Mandriva Update for php MDKSA-2007:089 (php)

2009-04-0900:00:00
plugins.openvas.org
0.245 Low
EPSS
Percentile
96.2%
JSON
Check for the Version of php
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for php MDKSA-2007:089 (php)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A heap-based buffer overflow vulnerability was found in PHP's gd
  extension.  A script that could be forced to process WBMP images
  from an untrusted source could result in arbitrary code execution
  (CVE-2007-1001).

  A DoS flaw was found in how PHP processed a deeply nested array.
  A remote attacker could cause the PHP intrerpreter to creash
  by submitting an input variable with a deeply nested array
  (CVE-2007-1285).
  
  A vulnerability in the way the mbstring extension set global variables
  was discovered where a script using the mb_parse_str() function to
  set global variables could be forced to to enable the register_globals
  configuration option, possibly resulting in global variable injection
  (CVE-2007-1583).
  
  A vulnerability in how PHP's mail() function processed header data was
  discovered.  If a script sent mail using a subject header containing
  a string from an untrusted source, a remote attacker could send bulk
  email to unintended recipients (CVE-2007-1718).
  
  A buffer overflow in the sqlite_decode_function() in the bundled
  sqlite library could allow context-dependent attackers to execute
  arbitrary code (CVE-2007-1887).
  
  Updated packages have been patched to correct these issues.  Also note
  that the default use of the Hardened PHP patch helped to protect
  against some of these issues prior to patching.";

tag_affected = "php on Mandriva Linux 2007.0,
  Mandriva Linux 2007.0/X86_64";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2007-04/msg00025.php");
  script_id(830059);
  script_version("$Revision: 6568 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_xref(name: "MDKSA", value: "2007:089");
  script_cve_id("CVE-2007-1001", "CVE-2007-1285", "CVE-2007-1583", "CVE-2007-1718", "CVE-2007-1887");
  script_name( "Mandriva Update for php MDKSA-2007:089 (php)");

  script_summary("Check for the Version of php");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2007.0")
{

  if ((res = isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-fcgi", rpm:"php-fcgi~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.1.6~1.2mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.1.6~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php-sqlite", rpm:"php-sqlite~5.1.6~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"php", rpm:"php~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.1.6~1.7mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}