Vulnerabilities > CVE-2003-0860 - Unspecified vulnerability in PHP

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
php
critical
nessus

Summary

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2005-001.NASL
    description: The remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs: at commands, ColorSync, libxml2, Mail, PHP, Safari, SquirrelMail. These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16251
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16251
    title: Mac OS X Multiple Vulnerabilities (Security Update 2005-001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Engine guard: exit without reporting on scanners that lack the
    # bn_random() built-in or run a NASL level below 3000.
    # NOTE(review): bn_random looks like a proxy for an engine build with the
    # crypto support that the credentialed data collection needs - confirm.
    if ( ! defined_func("bn_random") || NASL_LEVEL < 3000 ) exit(0);
    
    include("compat.inc");
    
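    # Registration pass: when `description` is set, this block declares the
    # plugin's metadata and exits before any check logic runs.
    if(description)
    {
     script_id(16251);
     script_version ("1.21");
     # One plugin covers all sixteen CVEs addressed by the update, and
     # CVE-2003-0860 (PHP) is one of them. A finding means "the update is
     # missing"; it does not confirm each listed CVE individually.
     script_cve_id("CVE-2005-0125", "CVE-2005-0126", "CVE-2004-0989", "CVE-2005-0127", "CVE-2003-0860", 
                   "CVE-2003-0863", "CVE-2004-0594", "CVE-2004-0595", "CVE-2004-1018", "CVE-2004-1019", 
                   "CVE-2004-1020", "CVE-2004-1063", "CVE-2004-1064", "CVE-2004-1065", "CVE-2004-1314", 
                   "CVE-2004-1036");
     script_bugtraq_id(12367, 12366, 12297, 11857);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-001)");
     script_summary(english:"Check for Security Update 2005-001");
    
     script_set_attribute( attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes a security
    issue." );
     script_set_attribute(attribute:"description",   value:
    "The remote host is missing Security Update 2005-001. This security
    update contains a number of fixes for the following programs :
    
      - at commands
      - ColorSync
      - libxml2
      - Mail
      - PHP
      - Safari
      - SquirrelMail
    
    These programs have multiple vulnerabilities which may allow a remote
    attacker to execute arbitrary code." );
     script_set_attribute(
       attribute:"see_also",
       value:"http://support.apple.com/kb/TA22859"
     );
     script_set_attribute(
       attribute:"solution", 
       value:"Install Security Update 2005-001."
     );
     # A single CVSS v2 vector is declared for the whole bundle: network
     # vector, low complexity, no authentication, partial C/I/A.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     # Temporal metrics: high exploitability, official fix, confirmed report.
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     # The exploit flags below are set for the plugin as a whole; the script
     # does not say which of the listed CVEs they refer to.
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
     # CWE-20: Improper Input Validation.
     script_cwe_id(20);
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/26");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/07/16");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/01/26");
     script_cvs_date("Date: 2018/07/14  1:59:35");
     # Local check: the verdict is derived from host data already in the KB,
     # not from probing a network service.
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
     
     # Information gathering only.
     script_category(ACT_GATHER_INFO);
     script_family(english:"MacOS X Local Security Checks");
    
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
    
     # The plugin is skipped when the "Host/MacOSX/packages" KB key is absent,
     # so a scan that never populated the package list reports nothing here.
     # NOTE(review): ssh_get_info.nasl presumably fills that key from a
     # credentialed session - confirm.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }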
    
    
    # Patch-presence check driven entirely by KB data: the installed package
    # list and the kernel banner. Nothing is sent to the target from here.
    installed = get_kb_item("Host/MacOSX/packages");
    if ( ! installed ) exit(0);
    
    kernel = get_kb_item("Host/uname");
    
    # Darwin 6.8.x / 7.7.x (Mac OS X 10.2.8 / 10.3.7) are the only releases
    # the update is checked on.
    in_scope = egrep(pattern:"Darwin.* (6\.8\.|7\.7\.)", string:kernel);
    if ( in_scope )
    {
      # A client or server ("Srvr") SecUpd2005-001 entry means the host is patched.
      if ( egrep(pattern:"^SecUpd(Srvr)?2005-001", string:installed) ) non_vuln = 1;
      else security_hole(0);
    }
    else
    {
      # Later kernels (Darwin 6.9, 7.8 and up, or a two-digit major) are
      # treated as already fixed. Any other banner, including older kernels,
      # falls through with neither a finding nor a "fixed" marker, so no
      # output from this plugin does not prove the host is patched.
      if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.([8-9]\.|[0-9][0-9]\.))", string:kernel) ) non_vuln = 1;
    }
    
    if ( non_vuln )
    {
      # Record every CVE covered by the update as a TRUE KB entry.
      # NOTE(review): presumably read by other plugins to suppress duplicate
      # findings for the same CVEs - confirm against the consumers.
      fixed_cves = make_list(
        "CVE-2005-0125", "CVE-2005-0126", "CVE-2004-0989", "CVE-2005-0127",
        "CVE-2003-0860", "CVE-2003-0863", "CVE-2004-0594", "CVE-2004-0595",
        "CVE-2004-1018", "CVE-2004-1019", "CVE-2004-1020", "CVE-2004-1063",
        "CVE-2004-1064", "CVE-2004-1065", "CVE-2004-1314", "CVE-2004-1036"
      );
      foreach id (fixed_cves) set_kb_item(name:id, value:TRUE);
    }
    
  • NASL family: CGI abuses
    NASL id: PHP4_MULTIPLE_FLAWS.NASL
    description: The remote host is running a version of PHP that is older than 4.3.3. All versions of PHP 4 older than 4.3.3 contain multiple integer overflow vulnerabilities that may allow an attacker to execute arbitrary commands on this host. Another problem may also invalidate safe_mode.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11850
    published: 2003-09-24
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11850
    title: PHP < 4.3.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Ref:
    # http://www.securityfocus.com/advisories/5887
    # http://www.php.net/ChangeLog-4.php
    #
    
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block declares the
    # plugin's metadata and exits before any check logic runs.
    if(description)
    {
      script_id(11850);
      script_version("1.34");
      script_cvs_date("Date: 2018/07/24 18:56:10");
    
      # Four CVEs are reported together by one version check. A finding means
      # "the PHP version is older than 4.3.3"; it does not confirm any single
      # CVE on the host.
      script_cve_id("CVE-2002-1396", "CVE-2003-0442", "CVE-2003-0860", "CVE-2003-0861");
      script_bugtraq_id(
        6488, 
        7761, 
        8693, 
        8696
      );
      script_xref(name:"RHSA", value:"2003:204-01");
      script_xref(name:"SuSE", value:"SUSE-SA:2003:0009");
    
      script_name(english:"PHP < 4.3.3 Multiple Vulnerabilities");
      script_summary(english:"Checks for version of PHP");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"Arbitrary code may be run on the remote server."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running a version of PHP that is older than 4.3.3.
    
    All versions of PHP 4 older than 4.3.3 contain multiple integer
    overflow vulnerabilities that may allow an attacker to execute
    arbitrary commands on this host.  Another problem may also invalidate
    safe_mode."
      );
      script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-4.php");
      script_set_attribute(attribute:"solution", value:"Upgrade to PHP 4.3.3.");
      # A single CVSS v2 vector is declared for the whole group: network
      # vector, low complexity, no authentication, partial C/I/A.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal metrics: proof-of-concept exploitability, official fix,
      # confirmed report.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2003/09/24");
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/27");
     
      # Remote check.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:php:php");
      script_end_attributes();
    
      # Information gathering only.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
    
      # The plugin is skipped when the "www/PHP" KB key is absent, so a web
      # server with no recorded PHP install produces no result here.
      # NOTE(review): php_version.nasl presumably sets that key after it
      # identifies PHP - confirm.
      script_dependencies("php_version.nasl");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP");
     
      exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("webapp_func.inc");
    
    # Version-string check: the verdict rests only on the PHP version and
    # source recorded in the KB for this port. A match shows that the recorded
    # version is older than 4.3.3, not that a specific flaw is reachable.
    port = get_http_port(default:80, php:TRUE);
    
    install = get_php_from_kb(port:port, exit_on_fail:TRUE);
    ver = install["ver"];
    src = install["src"];
    
    # A vendor may backport fixes without changing the version string, which
    # makes the version comparison unreliable. When the KB marks the install as
    # backported, audit out unless report_paranoia is 2 or higher.
    has_backport = get_kb_item('www/php/'+port+'/'+ver+'/backported');
    if (has_backport && report_paranoia < 2)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+ver+" install");
    
    # Flagged: 4.0.x - 4.2.x and 4.3.0 - 4.3.2. Both patterns need a patch
    # component, so a bare "4.3" or a non-4.x version matches neither pattern
    # and is audited as not vulnerable.
    if (ver =~ "^4\.3\.[0-2]($|[^0-9])" || ver =~ "^4\.[0-2]\.")
    {
      if (!(report_verbosity > 0)) security_hole(port);
      else
      {
        details =
          '\n  Version source     : '+src +
          '\n  Installed version  : '+ver+
          '\n  Fixed version      : 4.3.3\n';
        security_hole(port:port, extra:details);
      }
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, ver);
    

Statements

contributor: Mark J Cox
lastmodified: 2006-08-30
organization: Red Hat
statement: We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1