CVE-2005-2498 - Code Injection vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): `http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here`. The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
- Manipulating User-Controlled Variables: This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2005_049.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5). This update fixes the following security issues in the PHP scripting language.
  - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.
  - An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)
- last seen: 2019-10-28
- modified: 2005-10-05
- plugin id: 19928
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19928
- title: SUSE-SA:2005:049: php4, php5
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:049
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(19928);
  script_version ("1.8");

  name["english"] = "SUSE-SA:2005:049: php4, php5";
  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5).

This update fixes the following security issues in the PHP scripting language.

- Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.

- A integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)" );
  script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/advisories/2005_49_php.html" );
  script_set_attribute(attribute:"risk_factor", value:"High" );

  script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/05");
  script_end_attributes();

  summary["english"] = "Check for the version of the php4, php5 package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  family["english"] = "SuSE Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"apache2-mod_php4-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-core-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-devel-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-core-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-imap-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-mysql-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-recode-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-servlet-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-wddx-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-devel-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-exif-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-pear-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-21.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-21 (phpWebSite: Arbitrary command execution through XML-RPC and SQL injection) phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore,
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19574
- published: 2005-09-06
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19574
- title: GLSA-200508-21 : phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200508-21.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(19574);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-2498");
  script_xref(name:"GLSA", value:"200508-21");

  script_name(english:"GLSA-200508-21 : phpWebSite: Arbitrary command execution through XML-RPC and SQL injection");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200508-21
(phpWebSite: Arbitrary command execution through XML-RPC and SQL injection)

phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, 'matrix_killer' reported that phpWebSite is vulnerable to a SQL injection attack.

Impact :

A malicious remote user could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document, and also inject SQL commands to access the underlying database directly.

Workaround :

There is no known workaround at this time."
  );
  # http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0497.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a3ab6f87"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200508-21"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All phpWebSite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpwebsite-0.10.2_rc2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:phpwebsite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-apps/phpwebsite", unaffected:make_list("ge 0.10.2_rc2"), vulnerable:make_list("lt 0.10.2_rc2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpWebSite");
}
```
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-789.NASL
- description: Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
  - CAN-2005-1751: Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can be exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable.
  - CAN-2005-1921: GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server.
  - CAN-2005-2498: Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19532
- published: 2005-08-30
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19532
- title: Debian DSA-789-1 : php4 - several vulnerabilities
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-789. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19532);
  script_version("1.22");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2005-1751", "CVE-2005-1759", "CVE-2005-1921", "CVE-2005-2498");
  script_xref(name:"DSA", value:"789");

  script_name(english:"Debian DSA-789-1 : php4 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems :

- CAN-2005-1751
Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable.

- CAN-2005-1921
GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server.

- CAN-2005-2498
Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-789"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the PHP packages.

For the old stable distribution (woody) these problems have been fixed in version 4.1.2-7.woody5.

For the stable distribution (sarge) these problems have been fixed in version 4.3.10-16."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PHP XML-RPC Arbitrary Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.0", prefix:"caudium-php4", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-cgi", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-curl", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-dev", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-domxml", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-gd", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-imap", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-ldap", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mcal", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mhash", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-mysql", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-odbc", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-pear", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-recode", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-snmp", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-sybase", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"php4-xslt", reference:"4.1.2-7.woody5")) flag++;
if (deb_check(release:"3.1", prefix:"libapache-mod-php4", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"libapache2-mod-php4", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-cgi", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-cli", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-common", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-curl", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-dev", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-domxml", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-gd", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-imap", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-ldap", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-mcal", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-mhash", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-mysql", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-odbc", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-pear", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-recode", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-snmp", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-sybase", reference:"4.3.10-16")) flag++;
if (deb_check(release:"3.1", prefix:"php4-xslt", reference:"4.3.10-16")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-748.NASL
- description: Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21960
- published: 2006-07-05
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21960
- title: CentOS 3 / 4 : php (CESA-2005:748)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:748 and
# CentOS Errata and Security Advisory 2005:748 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21960);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2005-2498");
  script_xref(name:"RHSA", value:"2005:748");

  script_name(english:"CentOS 3 / 4 : php (CESA-2005:748)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated PHP packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2498 to this issue.

When using the default SELinux 'targeted' policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context.

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012067.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0b97ebaa"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012068.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4dfaa41c"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012073.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?624f7398"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012074.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?49013789"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012075.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d34e124a"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012076.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7f917bd9"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-domxml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-devel-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-devel-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-devel-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-imap-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-imap-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-imap-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-ldap-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-ldap-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-ldap-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-mysql-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-mysql-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-mysql-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-odbc-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-odbc-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-odbc-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"php-pgsql-4.3.2-25.ent.centos.1")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"php-pgsql-4.3.2-25.ent")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"php-pgsql-4.3.2-25.ent.centos.1")) flag++;

if (rpm_check(release:"CentOS-4", reference:"php-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-devel-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-domxml-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-gd-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-imap-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-ldap-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-mbstring-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-mysql-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-ncurses-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-odbc-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-pear-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-pgsql-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-snmp-4.3.9-3.8")) flag++;
if (rpm_check(release:"CentOS-4", reference:"php-xmlrpc-4.3.9-3.8")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc");
}
```

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2005-251-04.NASL
- description: A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19863
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19863
- title: Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2005-251-04. The text
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19863);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:20");

  script_cve_id("CVE-2005-2491", "CVE-2005-2498");
  script_bugtraq_id(14620);
  script_xref(name:"SSA", value:"2005-251-04");

  script_name(english:"Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval() function. The eval() function is believed to be insecure as implemented, and would be difficult to secure. Note that this new package now requires that the PCRE package be installed, so be sure to get the new package from the patches/packages/ directory if you don't already have it."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.417239
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2a6e7a6d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (slackware_check(osver:"10.1", pkgname:"php", pkgarch:"i486", pkgver:"5.0.5", pkgnum:"1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2005_051.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2005:051 (php4,php5). This update fixes the following security issues in the PHP scripting language.
  - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.
  - An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)

  Please note:
- last seen: 2019-10-28
- modified: 2005-10-05
- plugin id: 19930
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19930
- title: SUSE-SA:2005:051: php4,php5
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:051
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(19930);
 script_version ("1.8");

 name["english"] = "SUSE-SA:2005:051: php4,php5";

 script_name(english:name["english"]);

 script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:051 (php4,php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491) Please note:" );
 script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_51_php.html" );
 script_set_attribute(attribute:"risk_factor", value:"High" );

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/05");
 script_end_attributes();

 summary["english"] = "Check for the version of the php4,php5 package";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");

if ( rpm_check( reference:"apache2-mod_php4-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-core-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-devel-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.3-196", release:"SUSE9.0") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-core-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-imap-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-mysql-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-recode-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-servlet-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-wddx-4.3.4-43.44", release:"SUSE9.1") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.14", release:"SUSE9.2") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-devel-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-exif-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-pear-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-session-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-devel-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-exif-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-pear-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.11", release:"SUSE9.3") ) { security_hole(0); exit(0); }
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-840.NASL
- description: Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site. This update pulls in the latest XML-RPC version from upstream.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19809
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19809
- title: Debian DSA-840-1 : drupal - missing input sanitising
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-840. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19809);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2005-2498");
  script_xref(name:"DSA", value:"840");

  script_name(english:"Debian DSA-840-1 : drupal - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site. This update pulls in the latest XML-RPC version from upstream."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-840"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the drupal package. The old stable distribution (woody) is not affected by this problem since no drupal is included. For the stable distribution (sarge) this problem has been fixed in version 4.5.3-4."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"drupal", reference:"4.5.3-4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-14.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-14 (TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC) The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to TikiWiki or eGroupWare. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19534
- published: 2005-08-30
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19534
- title: GLSA-200508-14 : TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200508-14.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(19534);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-2498");
  script_xref(name:"GLSA", value:"200508-14");

  script_name(english:"GLSA-200508-14 : TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-200508-14 (TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC) The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to TikiWiki or eGroupWare. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200508-14"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All TikiWiki users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.8.5-r2' All eGroupWare users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/egroupware-1.0.0.009'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:egroupware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tikiwiki");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-apps/egroupware", unaffected:make_list("ge 1.0.0.009"), vulnerable:make_list("lt 1.0.0.009"))) flag++;
if (qpkg_check(package:"www-apps/tikiwiki", unaffected:make_list("ge 1.8.5-r2"), vulnerable:make_list("lt 1.8.5-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "TikiWiki / eGroupWare");
}
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200509-19.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries) PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact : An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19818
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19818
- title: GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200509-19.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(19818);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-2491", "CVE-2005-2498");
  script_bugtraq_id(14620);
  script_xref(name:"GLSA", value:"200509-19");

  script_name(english:"GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries) PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact : An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200508-13"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200508-17"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200509-19"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/mod_php All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php-cgi"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mod_php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php-cgi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-php/php-cgi", unaffected:make_list("rge 4.3.11-r2", "ge 4.4.0-r2"), vulnerable:make_list("lt 4.4.0-r2"))) flag++;
if (qpkg_check(package:"dev-php/php", unaffected:make_list("rge 4.3.11-r1", "ge 4.4.0-r1"), vulnerable:make_list("lt 4.4.0-r1"))) flag++;
if (qpkg_check(package:"dev-php/mod_php", unaffected:make_list("rge 4.3.11-r1", "ge 4.4.0-r2"), vulnerable:make_list("lt 4.4.0-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-809.NASL
- description: This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2498 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19667
- published: 2005-09-12
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19667
- title: Fedora Core 3 : php-4.3.11-2.7 (2005-809)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-171-1.NASL
- description: CAN-2005-1751 : The php4-dev package ships a copy of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20578
- published: 2006-01-15
- reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20578
- title: Ubuntu 4.10 / 5.04 : php4 vulnerabilities (USN-171-1)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-748.NASL
- description: Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19491
- published: 2005-08-23
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19491
- title: RHEL 3 / 4 : php (RHSA-2005:748)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_E65AD1BF0D8B11DA90D000304823C0D3.NASL
- description: A Hardened-PHP Project Security Advisory reports : When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new injection vulnerability is cause by not properly handling the situation, when certain XML tags are nested in the parsed document, that were never meant to be nested at all. This can be easily exploited in a way, that user-input is placed outside of string delimiters within the evaluation string, which obviously results in arbitrary code execution. Note that several applications contains an embedded version on XML_RPC, therefor making them the vulnerable to the same code injection vulnerability.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21527
- published: 2006-05-13
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21527
- title: FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-842.NASL
- description: Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19846
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19846
- title: Debian DSA-842-1 : egroupware - missing input sanitising

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-798.NASL
- description: Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements. The XMLRPC component has been disabled.
  - CAN-2005-2600 Alexander Heidenreich discovered a cross-site scripting problem in the tree view of FUD Forum Bulletin Board Software, which is also present in phpgroupware.
  - CAN-2005-2761 A global cross-site scripting fix has also been included that protects against potential malicious scripts embedded in CSS and xmlns in various parts of the application and modules.

  This update also contains a postinst bugfix that has been approved for the next update to the stable release.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19568
- published: 2005-09-06
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19568
- title: Debian DSA-798-1 : phpgroupware - several vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-810.NASL
- description: This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2498 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19668
- published: 2005-09-12
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19668
- title: Fedora Core 4 : php-5.0.4-10.4 (2005-810)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-20.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-20 (phpGroupWare: Multiple vulnerabilities) phpGroupWare improperly validates the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19573
- published: 2005-09-06
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19573
- title: GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities

- NASL family: CGI abuses
- NASL id: PHPADSNEW_206.NASL
- description: The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNews / phpPgAds installed on the remote host suffers from several flaws :
  - Remote PHP Code Injection Vulnerability The XML-RPC library bundled with the application allows an attacker to inject arbitrary PHP code via the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19518
- published: 2005-08-29
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19518
- title: phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-18.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-18 (PhpWiki: Arbitrary command execution through XML-RPC) Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to PhpWiki. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19538
- published: 2005-08-30
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19538
- title: GLSA-200508-18 : PhpWiki: Arbitrary command execution through XML-RPC

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2005-146.NASL
- description: A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19902
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19902
- title: Mandrake Linux Security Advisory : php-pear (MDKSA-2005:146)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-13.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-13 (PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability) Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Impact : A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to web applications making use of these libraries. Workaround : There are no known workarounds at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19533
- published: 2005-08-30
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19533
- title: GLSA-200508-13 : PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2005-242-02.NASL
- description: New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19859
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19859
- title: Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-242-02)
Oval
accepted | 2013-04-29T04:20:20.282-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. |
family | unix |
id | oval:org.mitre.oval:def:9569 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. |
version | 26 |
References
- http://www.hardened-php.net/advisory_152005.67.html
- http://www.redhat.com/support/errata/RHSA-2005-748.html
- http://www.debian.org/security/2005/dsa-798
- http://www.debian.org/security/2005/dsa-789
- http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
- http://secunia.com/advisories/16431
- http://secunia.com/advisories/16432
- http://secunia.com/advisories/16441
- http://secunia.com/advisories/16460
- http://secunia.com/advisories/16465
- http://secunia.com/advisories/16468
- http://secunia.com/advisories/16469
- http://secunia.com/advisories/16491
- http://secunia.com/advisories/16550
- http://secunia.com/advisories/16558
- http://secunia.com/advisories/16563
- http://secunia.com/advisories/16619
- http://secunia.com/advisories/16635
- http://secunia.com/advisories/16693
- http://secunia.com/advisories/16976
- http://secunia.com/advisories/17440
- http://www.debian.org/security/2005/dsa-840
- http://www.debian.org/security/2005/dsa-842
- http://secunia.com/advisories/17053
- http://secunia.com/advisories/17066
- http://www.securityfocus.com/archive/1/408125
- http://www.securityfocus.com/bid/14560
- http://www.novell.com/linux/security/advisories/2005_49_php.html
- http://marc.info/?l=bugtraq&m=112412415822890&w=2
- http://marc.info/?l=bugtraq&m=112431497300344&w=2
- http://marc.info/?l=bugtraq&m=112605112027335&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569