Ubuntu Update for php5 regression USN-549-2

2009-03-23T00:00:00
ID OPENVAS:840067
Type openvas
Reporter Copyright (C) 2009 Greenbone Networks GmbH
Modified 2017-12-01T00:00:00

Description

Ubuntu Update for Linux kernel vulnerabilities USN-549-2

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_549_2.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for php5 regression USN-549-2
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "USN-549-1 fixed vulnerabilities in PHP.  However, some upstream changes
  were incomplete, which caused crashes in certain situations with Ubuntu
  7.10.  This update fixes the problem.

  We apologize for the inconvenience.
  
  Original advisory details:
  
  It was discovered that the wordwrap function did not correctly
  check lengths.  Remote attackers could exploit this to cause
  a crash or monopolize CPU resources, resulting in a denial of
  service. (CVE-2007-3998)
  
  Integer overflows were discovered in the strspn and strcspn functions.
  Attackers could exploit this to read arbitrary areas of memory, possibly
  gaining access to sensitive information. (CVE-2007-4657)
  
  Stanislav Malyshev discovered that money_format function did not correctly
  handle certain tokens.  If a PHP application were tricked into processing
  a bad format string, a remote attacker could execute arbitrary code with
  application privileges. (CVE-2007-4658)
  
  It was discovered that the php_openssl_make_REQ function did not
  correctly check buffer lengths.  A remote attacker could send a
  specially crafted message and execute arbitrary code with application
  privileges. (CVE-2007-4662)
  
  It was discovered that certain characters in session cookies were not
  handled correctly.  A remote attacker could injection values which could
  lead to altered application behavior, potentially gaining additional
  privileges. (CVE-2007-3799)
  
  Gerhard Wagner discovered that the chunk_split function did not
  correctly handle long strings.  A remote attacker could exploit this
  to execute arbitrary code with application privileges.  (CVE-2007-2872,
  CVE-2007-4660, CVE-2007-4661)
  
  Stefan Esser discovered that deeply nested arrays could be made to
  fill stack space.  A remote attacker could exploit this to cause a
  crash or monopolize CPU resources, resulting in a denial of service.
  (CVE-2007-1285, CVE-2007-4670)
  
  Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars
  functions did not correctly stop when handling partial multibyte
  sequences.  A remote attacker could exploit this to read certain areas of
  memory, possibly gaining access to sensitive information. (CVE-2007-5898)
  
  It was discovered that the output_add_rewrite_var function would
  sometimes leak session id information to forms targeting remote URLs.
  Malicious remote sites could use this information to gain access to a
  PHP application user's login credentials. (CVE-2007-5899)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-549-2";
tag_affected = "php5 regression on Ubuntu 7.10";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-549-2/");
  script_id(840067);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "USN", value: "549-2");
  script_cve_id("CVE-2007-3998", "CVE-2007-4657", "CVE-2007-4658", "CVE-2007-4662", "CVE-2007-3799", "CVE-2007-2872", "CVE-2007-4660", "CVE-2007-4661", "CVE-2007-1285", "CVE-2007-4670", "CVE-2007-5898", "CVE-2007-5899");
  script_name( "Ubuntu Update for php5 regression USN-549-2");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU7.10")
{

  if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-curl", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-dev", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-gd", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-recode", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"php5", ver:"5.2.3-1ubuntu6.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}