Vulners
Lucene search
Ubuntu Update for php5 vulnerabilities USN-455-1
🗓️ 23 Mar 2009 00:00:00Reported by Copyright (C) 2009 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 42 Views
| Reporter | Title | Published | Views | Family All 244 |
|---|---|---|---|---|
 | PHP < 4.4.5 / 5.2.1 Multiple Vulnerabilities | 9 Feb 200700:00 | – | nessus |
| PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple Vulnerabilities | 4 May 200700:00 | – | nessus |
| PHP 5.x < 5.2.3 Multiple Vulnerabilities | 4 Jun 200700:00 | – | nessus |
| PHP 5.x < 5.2.0 Multiple Vulnerabilities | 25 Mar 200800:00 | – | nessus |
| CentOS 3 / 4 : php (CESA-2007:0076) | 21 Feb 200700:00 | – | nessus |
| CentOS 5 : php (CESA-2007:0153) | 30 Apr 200700:00 | – | nessus |
| CentOS 3 / 4 : php (CESA-2007:0155) | 19 Apr 200700:00 | – | nessus |
| Debian DSA-1282-1 : php4 - several vulnerabilities | 30 Apr 200700:00 | – | nessus |
| Debian DSA-1283-1 : php5 - several vulnerabilities | 30 Apr 200700:00 | – | nessus |
| F5 Networks BIG-IP : Multiple PHP vulnerabilities (SOL7859) | 10 Oct 201400:00 | – | nessus |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/usn/usn-455-1/ |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_455_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for php5 vulnerabilities USN-455-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs".
The substr_compare() function did not sufficiently verify its length
argument. This might be exploited to read otherwise unaccessible
memory, which might lead to information disclosure. (CVE-2007-1375)
The shared memory (shmop) functions did not verify resource types,
thus they could be called with a wrong resource type that might
contain user supplied data. This could be exploited to read and write
arbitrary memory addresses of the PHP interpreter. This issue does
not affect Ubuntu 7.04. (CVE-2007-1376)
The php_binary handler of the session extension was missing a boundary
check. When unserializing overly long variable names this could be
exploited to read up to 126 bytes of memory, which might lead to
information disclosure. (CVE-2007-1380)
The internal array_user_key_compare() function, as used for example by
the PHP function uksort(), incorrectly handled memory unreferencing of
its arguments. This could have been exploited to execute arbitrary
code with the privileges of the PHP interpreter, and thus
circumventing any disable_functions, open_basedir, or safe_mode
restrictions. (CVE-2007-1484)
The session_regenerate_id() function did not properly clean up the
former session identifier variable. This could be exploited to crash
the PHP interpreter, possibly also remotely. (CVE-2007-1521)
Under certain conditions the mb_parse_str() could cause the
register_globals configuration option to become permanently enabled.
This opened an attack vector for a large and common class of
vulnerabilities. (CVE-2007-1583)
The session extension did not set the correct reference count value
for the session variables. By unsetting _SESSION and HTTP_SESSION_VARS
(or tricking a PHP script into doing that) this could be exploited to
execute arbitrary code with the privileges of the PHP interpreter. This
issue does not affect Ubuntu 7.04. (CVE-2007-1700)
The mail() function did not correctly escape control characters in
multiline email headers. This could be remotely exploited to inject
arbitrary email headers. (CVE-2007-1718)
The php_stream_filter_create() function had an off-by-one buffer
overflow in the handling of wildcards. This could be exploited to
remotely crash the PHP interpreter. This issue does not affect Ubuntu
7.04. (CVE-2007-1824)
When calling the sqlite_udf_decode_binary() with special arguments, a
buffer overflow happened. Depending on the application t ...
Description truncated, for more information please check the Reference URL";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-455-1";
tag_affected = "php5 vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 6.10 ,
Ubuntu 7.04";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-455-1/");
script_id(840068);
script_version("$Revision: 7969 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_xref(name: "USN", value: "455-1");
script_cve_id("CVE-2007-1375", "CVE-2007-1376", "CVE-2007-1380", "CVE-2007-1484", "CVE-2007-1521", "CVE-2007-1583", "CVE-2007-1700", "CVE-2007-1718", "CVE-2007-1824", "CVE-2007-1887", "CVE-2007-1888", "CVE-2007-1900");
script_name( "Ubuntu Update for php5 vulnerabilities USN-455-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU7.04")
{
if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-curl", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-dev", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-gd", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-pspell", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-recode", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-tidy", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5", ver:"5.2.1-0ubuntu1.1", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU6.06 LTS")
{
if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-curl", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-dev", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-gd", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mysqli", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-recode", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5", ver:"5.1.2-1ubuntu3.7", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU6.10")
{
if ((res = isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cgi", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-cli", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-common", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-curl", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-dev", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-gd", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-ldap", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mhash", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mysql", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-mysqli", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-odbc", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-pgsql", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-recode", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-snmp", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sqlite", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-sybase", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5-xsl", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php-pear", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"php5", ver:"5.1.6-1ubuntu2.4", rls:"UBUNTU6.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Dec 2017 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.25606