Vulnerabilities > CVE-2005-3883 - Unspecified vulnerability in PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Php
| 36 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-232-1.NASL description Eric Romang discovered a local Denial of Service vulnerability in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 20776 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20776 title Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-232-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20776); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3388", "CVE-2005-3389", "CVE-2005-3390", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3883"); script_bugtraq_id(15248, 15249, 15250); script_xref(name:"USN", value:"232-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was found in the EXIF module. By sending an image with specially crafted EXIF data to a PHP program that automatically evaluates them (e. g. a web gallery), a remote attacker could cause an infinite recursion in the PHP interpreter, which caused the web server to crash. (CVE-2005-3353) Stefan Esser reported a Cross Site Scripting vulnerability in the phpinfo() function. By tricking a user into retrieving a specially crafted URL to a PHP page that exposes phpinfo(), a remote attacker could inject arbitrary HTML or web script into the output page and possibly steal private data like cookies or session identifiers. (CVE-2005-3388) Stefan Esser discovered a vulnerability of the parse_str() function when it is called with just one argument. By calling such programs with specially crafted parameters, a remote attacker could enable the 'register_globals' option which is normally turned off for security reasons. Once this option is enabled, the remote attacker could exploit other security flaws of PHP programs which are normally protected by 'register_globals' being deactivated. (CVE-2005-3389) Stefan Esser discovered that a remote attacker could overwrite the $GLOBALS array in PHP programs that allow file uploads and run with 'register_globals' enabled. Depending on the particular application, this can lead to unexpected vulnerabilities. (CVE-2005-3390) The 'gd' image processing and cURL modules did not properly check processed file names against the 'open_basedir' and 'safe_mode' restrictions, which could be exploited to circumvent these limitations. (CVE-2005-3391) Another bypass of the 'open_basedir' and 'safe_mode' restrictions was found in virtual() function. A local attacker could exploit this to circumvent these restrictions with specially crafted PHP INI files when virtual Apache 2.0 hosts are used. (CVE-2005-3392) The mb_send_mail() function did not properly check its arguments for invalid embedded line breaks. By setting the 'To:' field of an email to a specially crafted value in a PHP web mail application, a remote attacker could inject arbitrary headers into the sent email. (CVE-2005-3883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-domxml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mcal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-universe-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-xslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"libapache2-mod-php4", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-cgi", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-curl", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-dev", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-domxml", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-gd", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-ldap", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mcal", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mhash", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-mysql", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-odbc", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-pear", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-recode", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-snmp", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-sybase", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"php4-xslt", pkgver:"4.3.8-3ubuntu7.14")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-php4", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libapache2-mod-php4", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cgi", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cli", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-common", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-curl", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-dev", pkgver:"4.3.10-10ubuntu4.3")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-domxml", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-gd", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-imap", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-ldap", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mcal", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mhash", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-mysql", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-odbc", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-pear", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-recode", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-snmp", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-sybase", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-universe-common", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-xslt", pkgver:"4.3.10-10ubuntu3.6")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php5", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php-pear", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-cgi", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-cli", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-common", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-curl", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-dev", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-domxml", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-gd", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-ldap", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mcal", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mhash", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-mysql", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-odbc", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-pear", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-pgsql", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-recode", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-snmp", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-sybase", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php4-xslt", pkgver:"4.4.0-3ubuntu1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cgi", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cli", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-common", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-curl", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-dev", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-gd", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-ldap", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mhash", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-mysql", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-odbc", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-pgsql", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-recode", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-snmp", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sqlite", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-sybase", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xmlrpc", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-xsl", pkgver:"5.0.5-2ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache-mod-php4 / libapache2-mod-php4 / libapache2-mod-php5 / etc"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0276.NASL description Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996) The html_entity_decode() PHP function was found to not be binary safe. An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the last seen 2020-06-01 modified 2020-06-02 plugin id 21897 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21897 title CentOS 3 / 4 : php (CESA-2006:0276) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0276 and # CentOS Errata and Security Advisory 2006:0276 respectively. # include("compat.inc"); if (description) { script_id(21897); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2003-1303", "CVE-2005-2933", "CVE-2005-3883", "CVE-2006-0208", "CVE-2006-0996", "CVE-2006-1490"); script_bugtraq_id(15009); script_xref(name:"RHSA", value:"2006:0276"); script_name(english:"CentOS 3 / 4 : php (CESA-2006:0276)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996) The html_entity_decode() PHP function was found to not be binary safe. An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the 'html_entity_decode()' function with untrusted input from the user and displayed the result. (CVE-2006-1490) The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208) An input validation error was found in the 'mb_send_mail()' function. An attacker could use this flaw to inject arbitrary headers in a mail sent via a script calling the 'mb_send_mail()' function where the 'To' parameter can be controlled by the attacker. (CVE-2005-3883) A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. This issue only affected Red Hat Enterprise Linux 3. (CVE-2005-2933). Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012842.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bcbaf17b" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012843.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f9183d70" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012849.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d61c26ac" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012852.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?105562df" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012853.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e77e3a03" ); script_set_attribute(attribute:"solution", value:"Update the affected php packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-domxml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"php-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-devel-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-imap-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-ldap-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-mysql-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-odbc-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-3", reference:"php-pgsql-4.3.2-30.ent")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-devel-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-devel-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-domxml-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-domxml-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-gd-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-gd-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-imap-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-imap-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-ldap-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-ldap-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-mbstring-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-mbstring-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-mysql-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-mysql-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-ncurses-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-ncurses-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-odbc-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-odbc-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-pear-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-pear-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-pgsql-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-pgsql-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-snmp-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-snmp-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"php-xmlrpc-4.3.9-3.12")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"php-xmlrpc-4.3.9-3.12")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_069.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5). Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well. last seen 2019-10-28 modified 2005-12-20 plugin id 20335 published 2005-12-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20335 title SUSE-SA:2005:069: php4,php5 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:069 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20335); script_version ("1.8"); name["english"] = "SUSE-SA:2005:069: php4,php5"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5). Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_14_sa.html" ); script_set_attribute(attribute:"risk_factor", value:"Medium" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20"); script_end_attributes(); summary["english"] = "Check for the version of the php4,php5 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.4.0-6.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.4-9.6", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-devel-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.3-201", release:"SUSE9.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mysql-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-recode-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.4-43.46.8", release:"SUSE9.1") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.19", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.16", release:"SUSE9.3") ) { security_warning(0); exit(0); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0276.NASL description Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996) The html_entity_decode() PHP function was found to not be binary safe. An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the last seen 2020-06-01 modified 2020-06-02 plugin id 21287 published 2006-04-26 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21287 title RHEL 3 / 4 : php (RHSA-2006:0276) NASL family CGI abuses NASL id PHP_5_1_0.NASL description According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.0. Such versions may be affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in phpinfo(). - Multiple safe_mode/open_basedir bypass vulnerabilities exist in ext/curl and ext/gd. - It is possible to overwrite $GLOBALS due to an issue in file upload handling, extract(), and import_request_variables(). - An issue exists when a request is terminated due to memory_limit constraints during certain parse_str() calls, which could lead to register globals being turned on. - An issue exists with trailing slashes in allowed basedirs. - An issue exists with calling virtual() on Apache 2, which allows an attacker to bypass certain configuration directives like safe_mode or open_basedir. - A possible header injection exists in the mb_send_mail() function. - The apache2handler SAPI in the Apache module allows attackers to cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 17711 published 2011-11-18 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17711 title PHP 5.x < 5.1.0 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-238.NASL description A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the last seen 2020-06-01 modified 2020-06-02 plugin id 20469 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20469 title Mandrake Linux Security Advisory : php (MDKSA-2005:238)
Oval
accepted | 2013-04-29T04:04:43.807-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:10332 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- http://bugs.php.net/bug.php?id=35307
- http://rhn.redhat.com/errata/RHSA-2006-0276.html
- http://secunia.com/advisories/17763
- http://secunia.com/advisories/18054
- http://secunia.com/advisories/18198
- http://secunia.com/advisories/19832
- http://secunia.com/advisories/20210
- http://secunia.com/advisories/20951
- http://securitytracker.com/id?1015296
- http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:238
- http://www.php.net/release_5_1_0.php
- http://www.securityfocus.com/archive/1/419504/100/0/threaded
- http://www.securityfocus.com/bid/15571
- http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
- http://www.vupen.com/english/advisories/2006/2685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23270
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332
- https://www.ubuntu.com/usn/usn-232-1/