Vulnerabilities > CVE-2005-3392 - Unspecified vulnerability in PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-001.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication last seen 2020-06-01 modified 2020-06-02 plugin id 20990 published 2006-03-02 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20990 title Mac OS X Multiple Vulnerabilities (Security Update 2006-001) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(20990); script_version("1.23"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-2713", "CVE-2005-2714", "CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3706", "CVE-2005-3712", "CVE-2005-4217", "CVE-2005-4504", "CVE-2006-0383", "CVE-2006-0384", "CVE-2006-0386", "CVE-2006-0387", "CVE-2006-0388", "CVE-2006-0389", "CVE-2006-0391", "CVE-2006-0395", "CVE-2006-0848"); script_bugtraq_id(16736, 16907); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-001)"); script_summary(english:"Check for Security Update 2006-001"); script_set_attribute(attribute:"synopsis", value:"The remote operating system is missing a vendor-supplied patch."); script_set_attribute(attribute:"description", value: "The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication"); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=303382"); script_set_attribute(attribute:"solution", value: "Mac OS X 10.4 : http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html http://www.apple.com/support/downloads/securityupdate2006001macosx1045intel.html Mac OS X 10.3 : http://www.apple.com/support/downloads/securityupdate20060011039client.html http://www.apple.com/support/downloads/securityupdate20060011039server.html"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Safari Archive Metadata Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/21"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-5]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[123467]|2007-003)", string:packages)) security_hole(0); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-232-1.NASL description Eric Romang discovered a local Denial of Service vulnerability in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 20776 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20776 title Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-232-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20776); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3883"); script_bugtraq_id(15248, 15249, 15250); script_xref(name:"USN", value:"232-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was found in the EXIF module. By sending an image with specially crafted EXIF data to a PHP program that automatically evaluates them (e. g. a web gallery), a remote attacker could cause an infinite recursion in the PHP interpreter, which caused the web server to crash. (CVE-2005-3353) Stefan Esser reported a Cross Site Scripting vulnerability in the phpinfo() function. By tricking a user into retrieving a specially crafted URL to a PHP page that exposes phpinfo(), a remote attacker could inject arbitrary HTML or web script into the output page and possibly steal private data like cookies or session identifiers. (CVE-2005-3388) Stefan Esser discovered a vulnerability of the parse_str() function when it is called with just one argument. By calling such programs with specially crafted parameters, a remote attacker could enable the 'register_globals' option which is normally turned off for security reasons. Once this option is enabled, the remote attacker could exploit other security flaws of PHP programs which are normally protected by 'register_globals' being deactivated. (CVE-2005-3389) Stefan Esser discovered that a remote attacker could overwrite the $GLOBALS array in PHP programs that allow file uploads and run with 'register_globals' enabled. Depending on the particular application, this can lead to unexpected vulnerabilities. (CVE-2005-3390) The 'gd' image processing and cURL modules did not properly check processed file names against the 'open_basedir' and 'safe_mode' restrictions, which could be exploited to circumvent these limitations. (CVE-2005-3391) Another bypass of the 'open_basedir' and 'safe_mode' restrictions was found in virtual() function. A local attacker could exploit this to circumvent these restrictions with specially crafted PHP INI files when virtual Apache 2.0 hosts are used. (CVE-2005-3392) The mb_send_mail() function did not properly check its arguments for invalid embedded line breaks. By setting the 'To:' field of an email to a specially crafted value in a PHP web mail application, a remote attacker could inject arbitrary headers into the sent email. (CVE-2005-3883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-domxml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mcal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-xslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"libapache2-mod-php4", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-cgi", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-curl", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-dev", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-domxml", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-gd", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-ldap", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mcal", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mhash", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mysql", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-odbc", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-pear", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-recode", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-snmp", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-sybase", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-xslt", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-php4", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libapache2-mod-php4", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cgi", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cli", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-common", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-curl", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-dev", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-domxml", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-gd", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-imap", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-ldap", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mcal", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mhash", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mysql", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-odbc", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-pear", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-recode", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-snmp", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-sybase", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-universe-common", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-xslt", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php5", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php-pear", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-cgi", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-cli", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-common", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-curl", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-dev", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-domxml", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-gd", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-ldap", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mcal", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mhash", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mysql", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-odbc", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-pear", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-pgsql", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-recode", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-snmp", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-sybase", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-xslt", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cgi", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cli", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-common", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-curl", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-dev", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-gd", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-ldap", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mhash", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mysql", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-odbc", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-pgsql", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-recode", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-snmp", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sqlite", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sybase", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xmlrpc", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xsl", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache-mod-php4 / libapache2-mod-php4 / libapache2-mod-php5 / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_069.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5). Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well. last seen 2019-10-28 modified 2005-12-20 plugin id 20335 published 2005-12-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20335 title SUSE-SA:2005:069: php4,php5 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:069 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20335); script_version ("1.8"); name["english"] = "SUSE-SA:2005:069: php4,php5"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5). Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_14_sa.html" ); script_set_attribute(attribute:"risk_factor", value:"Medium" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20"); script_end_attributes(); summary["english"] = "Check for the version of the php4,php5 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-devel-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mysql-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-recode-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200511-08.NASL description The remote host is affected by the vulnerability described in GLSA-200511-08 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390) a local Denial of Service through the use of the session.save_path option (CVE-2005-3319) an issue with trailing slashes in allowed basedirs (CVE-2005-3054) an issue with calling virtual() on Apache 2, allowing to bypass safe_mode and open_basedir restrictions (CVE-2005-3392) a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389) The curl and gd modules allowed to bypass the safe mode open_basedir restrictions (CVE-2005-3391) a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388) Impact : Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. Workaround : There is no known workaround that would solve all issues at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20195 published 2005-11-15 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20195 title GLSA-200511-08 : PHP: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-213.NASL description A number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using last seen 2020-06-01 modified 2020-06-02 plugin id 20445 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20445 title Mandrake Linux Security Advisory : php (MDKSA-2005:213)
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 |
References
- http://docs.info.apple.com/article.html?artnum=303382
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
- http://secunia.com/advisories/17371
- http://secunia.com/advisories/17510
- http://secunia.com/advisories/18054
- http://secunia.com/advisories/18198
- http://secunia.com/advisories/19064
- http://secunia.com/advisories/22691
- http://securityreason.com/securityalert/525
- http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
- http://www.osvdb.org/20897
- http://www.php.net/release_4_4_1.php
- http://www.securityfocus.com/archive/1/419504/100/0/threaded
- http://www.securityfocus.com/bid/15413
- http://www.securityfocus.com/bid/16907
- http://www.us-cert.gov/cas/techalerts/TA06-062A.html
- http://www.vupen.com/english/advisories/2005/2254
- http://www.vupen.com/english/advisories/2006/0791
- http://www.vupen.com/english/advisories/2006/4320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22924
- https://www.ubuntu.com/usn/usn-232-1/