Vulnerabilities > CVE-2005-3392 - Unspecified vulnerability in PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php
nessus

Summary

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2006-001.NASL
    descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication
    last seen2020-06-01
    modified2020-06-02
    plugin id20990
    published2006-03-02
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20990
    titleMac OS X Multiple Vulnerabilities (Security Update 2006-001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(20990);
     script_version("1.23");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    
     script_cve_id("CVE-2005-2713", "CVE-2005-2714", "CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3391",
                   "CVE-2005-3392", "CVE-2005-3706", "CVE-2005-3712", "CVE-2005-4217", "CVE-2005-4504",
                   "CVE-2006-0383", "CVE-2006-0384", "CVE-2006-0386", "CVE-2006-0387", "CVE-2006-0388",
                   "CVE-2006-0389", "CVE-2006-0391", "CVE-2006-0395", "CVE-2006-0848");
     script_bugtraq_id(16736, 16907);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-001)");
     script_summary(english:"Check for Security Update 2006-001");
    
     script_set_attribute(attribute:"synopsis", value:"The remote operating system is missing a vendor-supplied patch.");
     script_set_attribute(attribute:"description", value:
    "The remote host is running Apple Mac OS X, but lacks
    Security Update 2006-001.
    
    This security update contains fixes for the following
    applications :
    
    apache_mod_php
    automount
    Bom
    Directory Services
    iChat
    IPSec
    LaunchServices
    LibSystem
    loginwindow
    Mail
    rsync
    Safari
    Syndication");
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=303382");
     script_set_attribute(attribute:"solution", value:
    "Mac OS X 10.4 :
    http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html
    http://www.apple.com/support/downloads/securityupdate2006001macosx1045intel.html
    
    Mac OS X 10.3 :
    http://www.apple.com/support/downloads/securityupdate20060011039client.html
    http://www.apple.com/support/downloads/securityupdate20060011039server.html");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_set_attribute(attribute:"metasploit_name", value:'Safari Archive Metadata Command Execution');
     script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/21");
     script_set_attribute(attribute:"patch_publication_date", value:"2006/03/03");
     script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/02");
    
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    
    uname = get_kb_item("Host/uname");
    if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-5]\.)", string:uname) )
    {
      if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[123467]|2007-003)", string:packages)) security_hole(0);
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-232-1.NASL
    descriptionEric Romang discovered a local Denial of Service vulnerability in the handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id20776
    published2006-01-21
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20776
    titleUbuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-232-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20776);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3883");
      script_bugtraq_id(15248, 15249, 15250);
      script_xref(name:"USN", value:"232-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Eric Romang discovered a local Denial of Service vulnerability in the
    handling of the 'session.save_path' parameter in PHP's Apache 2.0
    module. By setting this parameter to an invalid value in an .htaccess
    file, a local user could crash the Apache server. (CVE-2005-3319)
    
    A Denial of Service flaw was found in the EXIF module. By sending an
    image with specially crafted EXIF data to a PHP program that
    automatically evaluates them (e. g. a web gallery), a remote attacker
    could cause an infinite recursion in the PHP interpreter, which caused
    the web server to crash. (CVE-2005-3353)
    
    Stefan Esser reported a Cross Site Scripting vulnerability in the
    phpinfo() function. By tricking a user into retrieving a specially
    crafted URL to a PHP page that exposes phpinfo(), a remote attacker
    could inject arbitrary HTML or web script into the output page and
    possibly steal private data like cookies or session identifiers.
    (CVE-2005-3388)
    
    Stefan Esser discovered a vulnerability of the parse_str() function
    when it is called with just one argument. By calling such programs
    with specially crafted parameters, a remote attacker could enable the
    'register_globals' option which is normally turned off for security
    reasons. Once this option is enabled, the remote attacker could
    exploit other security flaws of PHP programs which are normally
    protected by 'register_globals' being deactivated. (CVE-2005-3389)
    
    Stefan Esser discovered that a remote attacker could overwrite the
    $GLOBALS array in PHP programs that allow file uploads and run with
    'register_globals' enabled. Depending on the particular application,
    this can lead to unexpected vulnerabilities. (CVE-2005-3390)
    
    The 'gd' image processing and cURL modules did not properly check
    processed file names against the 'open_basedir' and 'safe_mode'
    restrictions, which could be exploited to circumvent these
    limitations. (CVE-2005-3391)
    
    Another bypass of the 'open_basedir' and 'safe_mode' restrictions was
    found in virtual() function. A local attacker could exploit this to
    circumvent these restrictions with specially crafted PHP INI files
    when virtual Apache 2.0 hosts are used. (CVE-2005-3392)
    
    The mb_send_mail() function did not properly check its arguments for
    invalid embedded line breaks. By setting the 'To:' field of an email
    to a specially crafted value in a PHP web mail application, a remote
    attacker could inject arbitrary headers into the sent email.
    (CVE-2005-3883).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-domxml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mcal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mhash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-sybase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-xslt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mhash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"libapache2-mod-php4", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-cgi", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-curl", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-dev", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-domxml", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-gd", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-ldap", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-mcal", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-mhash", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-mysql", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-odbc", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-pear", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-recode", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-snmp", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-sybase", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"php4-xslt", pkgver:"4.3.8-3ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-php4", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libapache2-mod-php4", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-cgi", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-cli", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-common", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-curl", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-dev", pkgver:"4.3.10-10ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-domxml", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-gd", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-imap", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-ldap", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-mcal", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-mhash", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-mysql", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-odbc", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-pear", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-recode", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-snmp", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-sybase", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-universe-common", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"php4-xslt", pkgver:"4.3.10-10ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libapache-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php5", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php-pear", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-cgi", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-cli", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-common", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-curl", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-dev", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-domxml", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-gd", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-ldap", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-mcal", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-mhash", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-mysql", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-odbc", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-pear", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-pgsql", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-recode", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-snmp", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-sybase", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php4-xslt", pkgver:"4.4.0-3ubuntu1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-cgi", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-cli", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-common", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-curl", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-dev", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-gd", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-ldap", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-mhash", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-mysql", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-odbc", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-pgsql", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-recode", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-snmp", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-sqlite", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-sybase", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-xmlrpc", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"php5-xsl", pkgver:"5.0.5-2ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache-mod-php4 / libapache2-mod-php4 / libapache2-mod-php5 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_069.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5). Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well.
    last seen2019-10-28
    modified2005-12-20
    plugin id20335
    published2005-12-20
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20335
    titleSUSE-SA:2005:069: php4,php5
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:069
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(20335);
     script_version ("1.8");
     
     name["english"] = "SUSE-SA:2005:069: php4,php5";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5).
    
    
    Updated PHP packages fix the following security issues:
    
    - Stefan Esser found out that a bug in parse_str() could lead to
    activation of register_globals (CVE-2005-3389) and additionally
    that file uploads could overwrite $GLOBALS (CVE-2005-3390)
    
    - Bugs in the exif code could lead to a crash (CVE-2005-3353)
    
    - Missing safe_mode checks in image processing code and cURL
    functions allowed to bypass safe_mode and open_basedir
    (CVE-2005-3391)
    
    - Information leakage via the virtual() function (CVE-2005-3392)
    
    - Missing input sanitation in the mb_send_mail() function
    potentially allowed to inject arbitrary mail headers
    (CVE-2005-3883)
    
    The previous security update for php caused crashes when mod_rewrite
    was used. The updated packages fix that problem as well." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_14_sa.html" );
     script_set_attribute(attribute:"risk_factor", value:"Medium" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the php4,php5 package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-servlet-4.4.0-6.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-exif-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mbstring-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pear-5.0.4-9.6", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-core-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-devel-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.3-201", release:"SUSE9.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-core-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-imap-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mysql-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-recode-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-wddx-4.3.4-43.46.8", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.19", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-devel-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-exif-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mbstring-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pear-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.16", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200511-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200511-08 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS variable overwrite problem through file upload handling, extract() and import_request_variables() (CVE-2005-3390) a local Denial of Service through the use of the session.save_path option (CVE-2005-3319) an issue with trailing slashes in allowed basedirs (CVE-2005-3054) an issue with calling virtual() on Apache 2, allowing to bypass safe_mode and open_basedir restrictions (CVE-2005-3392) a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls (CVE-2005-3389) The curl and gd modules allowed to bypass the safe mode open_basedir restrictions (CVE-2005-3391) a cross-site scripting (XSS) vulnerability in phpinfo() (CVE-2005-3388) Impact : Attackers could leverage these issues to exploit applications that are assumed to be secure through the use of proper register_globals, safe_mode or open_basedir parameters. Remote attackers could also conduct cross-site scripting attacks if a page calling phpinfo() was available. Finally, a local attacker could cause a local Denial of Service using malicious session.save_path options. Workaround : There is no known workaround that would solve all issues at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id20195
    published2005-11-15
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20195
    titleGLSA-200511-08 : PHP: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-213.NASL
    descriptionA number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using
    last seen2020-06-01
    modified2020-06-02
    plugin id20445
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20445
    titleMandrake Linux Security Advisory : php (MDKSA-2005:213)

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementWe do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1