CentOS Update for php CESA-2014:0311 centos5. PHP updates for buffer overflow and file handling vulnerabilities. Restart httpd after update
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Oracle: Security Advisory (ELSA-2014-0311) | 6 Oct 201500:00 | – | openvas |
OpenVAS | RedHat Update for php RHSA-2014:0311-01 | 20 Mar 201400:00 | – | openvas |
OpenVAS | CentOS Update for php CESA-2014:0311 centos5 | 20 Mar 201400:00 | – | openvas |
OpenVAS | RedHat Update for php RHSA-2014:0311-01 | 20 Mar 201400:00 | – | openvas |
OpenVAS | FreeBSD Ports: php5 | 24 Jan 201100:00 | – | openvas |
OpenVAS | FreeBSD Ports: php5 | 24 Jan 201100:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2009-1601) | 8 Oct 201500:00 | – | openvas |
OpenVAS | SLES11: Security update for kdelibs3 | 14 Dec 200900:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-376-1) | 8 Mar 202300:00 | – | openvas |
OpenVAS | CentOS Update for kdelibs CESA-2009:1601 centos4 i386 | 9 Aug 201100:00 | – | openvas |
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for php CESA-2014:0311 centos5
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
script_id(881904);
script_version("$Revision: 6656 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2014-03-20 09:46:22 +0530 (Thu, 20 Mar 2014)");
script_cve_id("CVE-2006-7243", "CVE-2009-0689");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("CentOS Update for php CESA-2014:0311 centos5 ");
tag_insight = "PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)
It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
";
tag_affected = "php on CentOS 5";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "CESA", value: "2014:0311");
script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2014-March/020214.html");
script_summary("Check for the Version of php");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"php", rpm:"php~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-common", rpm:"php-common~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-ncurses", rpm:"php-ncurses~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.1.6~44.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo