Vulnerabilities > CVE-2006-4481 - Input Validation vulnerability in PHP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_052.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5). Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on September 20. The following security problems were fixed, with respective Mitre CVE ID: - The CURL module lacked checks for control characters (CVE-2006-2563) - A potential basedir evasion in the CURL module (CVE-2006-4483) - basedir and safemode evasion in the IMAP module (CVE-2006-4481) - str_repeat() contained an integer overflow (CVE-2006-4482) - GIF LZWReadByte overflow in the GD extension (CVE-2006-4484) - ext/wddx contained a buffer overflow - memory_limit() lacked checks for integer overflows - fixed memory overflow in foreach (CVE-2006-4482) - a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020) last seen 2019-10-28 modified 2007-02-18 plugin id 24430 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24430 title SUSE-SA:2006:052: php4,php5 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:052 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(24430); script_version ("1.9"); name["english"] = "SUSE-SA:2006:052: php4,php5"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5). Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on September 20. The following security problems were fixed, with respective Mitre CVE ID: - The CURL module lacked checks for control characters (CVE-2006-2563) - A potential basedir evasion in the CURL module (CVE-2006-4483) - basedir and safemode evasion in the IMAP module (CVE-2006-4481) - str_repeat() contained an integer overflow (CVE-2006-4482) - GIF LZWReadByte overflow in the GD extension (CVE-2006-4484) - ext/wddx contained a buffer overflow - memory_limit() lacked checks for integer overflows - fixed memory overflow in foreach (CVE-2006-4482) - a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020)" ); script_set_attribute(attribute:"solution", value: "http://www.novell.com/linux/security/advisories/2006_52_php.html" ); script_set_attribute(attribute:"risk_factor", value:"Medium" ); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18"); script_end_attributes(); summary["english"] = "Check for the version of the php4,php5 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-unixODBC-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-bcmath-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-curl-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dom-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ftp-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-gd-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-iconv-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-imap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ldap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysql-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysqli-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pgsql-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-soap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-wddx-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-xmlrpc-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-bcmath-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-curl-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dba-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dom-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ftp-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-gd-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-iconv-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-imap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ldap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysql-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysqli-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pgsql-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-soap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-wddx-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-xmlrpc-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-342-1.NASL description The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application last seen 2020-06-01 modified 2020-06-02 plugin id 27921 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27921 title Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-342-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-342-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27921); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2006-4020", "CVE-2006-4481", "CVE-2006-4482", "CVE-2006-4484"); script_bugtraq_id(19415, 19582); script_xref(name:"USN", value:"342-1"); script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-342-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application's privileges. (CVE-2006-4020) The file_exists() and imap_reopen() functions did not perform proper open_basedir and safe_mode checks which could allow local scripts to bypass intended restrictions. (CVE-2006-4481) On 64 bit systems the str_repeat() and wordwrap() functions did not properly check buffer boundaries. Depending on the application, this could potentially be exploited to execute arbitrary code with the applications' privileges. This only affects the amd64 and sparc platforms. (CVE-2006-4482) A buffer overflow was discovered in the LWZReadByte_() function of the GIF image file parser. By tricking a PHP application into processing a specially crafted GIF image, a remote attacker could exploit this to execute arbitrary code with the application's privileges. (CVE-2006-4484). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/342-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mhash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-mysqli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-sybase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"libapache2-mod-php4", pkgver:"4:4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4", pkgver:"4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cgi", pkgver:"4:4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-cli", pkgver:"4:4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-common", pkgver:"4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"php4-dev", pkgver:"4.3.10-10ubuntu4.7")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libapache2-mod-php5", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cgi", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-cli", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"php5-curl", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libapache2-mod-php5", pkgver:"5.1.2-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php-pear", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-cgi", pkgver:"5.1.2-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-cli", pkgver:"5.1.2-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-common", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-curl", pkgver:"5.1.2-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-dev", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-gd", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-ldap", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mhash", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mysql", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-mysqli", pkgver:"5.1.2-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-odbc", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-pgsql", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-recode", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-snmp", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-sqlite", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-sybase", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-xmlrpc", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"php5-xsl", pkgver:"5.0.5-2ubuntu1.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php4 / libapache2-mod-php5 / php-pear / php4 / etc"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_EA09C5DF436211DB81E1000E0C2E438A.NASL description The PHP development team reports : - Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache. - Fixed overflow in GD extension on invalid GIF images. - Fixed a buffer overflow inside sscanf() function. - Fixed an out of bounds read inside stripos() function. - Fixed memory_limit restriction on 64 bit system. last seen 2020-06-01 modified 2020-06-02 plugin id 22343 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22343 title FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(22343); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-4481", "CVE-2006-4482", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4485", "CVE-2006-4486"); script_name(english:"FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The PHP development team reports : - Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache. - Fixed overflow in GD extension on invalid GIF images. - Fixed a buffer overflow inside sscanf() function. - Fixed an out of bounds read inside stripos() function. - Fixed memory_limit restriction on 64 bit system." ); # http://www.php.net/release_4_4_4.php script_set_attribute( attribute:"see_also", value:"http://php.net/releases/4_4_4.php" ); script_set_attribute( attribute:"see_also", value:"http://www.php.net/release_5_1_5.php" ); # https://vuxml.freebsd.org/freebsd/ea09c5df-4362-11db-81e1-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?68c53747" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4-dtc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4-horde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php4-nms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-dtc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-horde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:php5-nms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"php4<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-cli<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-cli>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-cli<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-cli>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-cgi<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-cgi>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-cgi<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-cgi>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-dtc<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-dtc>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-dtc<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-dtc>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-horde<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-horde>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-horde<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-horde>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-nms<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php4-nms>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-nms<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"php5-nms>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"mod_php4<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"mod_php4>=5<5.1.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"mod_php5<4.4.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"mod_php5>=5<5.1.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CGI abuses NASL id PHP_5_1_5.NASL description According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions. (CVE-2006-1017) - A buffer overflow exists in the sscanf function. (CVE-2006-4020) - The file_exists and imap_reopen functions do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. (CVE-2006-4481) - Multiple heap-based buffer overflows exist in the str_repeat and wordwrap functions in ext/standard/string.c. (CVE-2006-4482) - The cURL extension files permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions. (CVE-2006-4483) - A buffer overflow vulnerability exists in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension. (CVE-2006-4484) - The stripos function is affected by an out-of-bounds read. (CVE-2006-4485) last seen 2020-06-01 modified 2020-06-02 plugin id 17713 published 2011-11-18 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17713 title PHP 5.1.x < 5.1.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17713); script_version("1.6"); script_cvs_date("Date: 2018/07/24 18:56:10"); script_cve_id( "CVE-2006-1017", "CVE-2006-4020", "CVE-2006-4481", "CVE-2006-4482", "CVE-2006-4483", "CVE-2006-4484", "CVE-2006-4485" ); script_bugtraq_id(16878, 19415, 19582); script_name(english:"PHP 5.1.x < 5.1.5 Multiple Vulnerabilities"); script_summary(english:"Checks version of PHP"); script_set_attribute( attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions. (CVE-2006-1017) - A buffer overflow exists in the sscanf function. (CVE-2006-4020) - The file_exists and imap_reopen functions do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. (CVE-2006-4481) - Multiple heap-based buffer overflows exist in the str_repeat and wordwrap functions in ext/standard/string.c. (CVE-2006-4482) - The cURL extension files permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions. (CVE-2006-4483) - A buffer overflow vulnerability exists in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension. (CVE-2006-4484) - The stripos function is affected by an out-of-bounds read. (CVE-2006-4485)" ); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=38322"); script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/5_1_5.php"); script_set_attribute(attribute:"solution", value:"Upgrade to PHP version 5.1.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/28"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("php_version.nasl"); script_require_ports("Services/www", 80); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("audit.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); if (version !~ "^5\.") exit(0, "The web server on port "+port+" uses PHP "+version+" rather than 5.x."); if (version =~ "^5\.(0\.|1\.[0-4]([^0-9]|$))") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version+ '\n Fixed version : 5.1.5\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-162.NASL description The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP. Updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 23906 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23906 title Mandrake Linux Security Advisory : php (MDKSA-2006:162) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:162. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(23906); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-4481", "CVE-2006-4484", "CVE-2006-4485"); script_bugtraq_id(19582); script_xref(name:"MDKSA", value:"2006:162"); script_name(english:"Mandrake Linux Security Advisory : php (MDKSA-2006:162)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP. Updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64php5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libphp5_common5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-fcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64php5_common5-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libphp5_common5-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"php-cgi-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"php-cli-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"php-devel-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"php-fcgi-5.0.4-9.14.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"php-imap-5.0.4-2.4.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-09-20 |
| organization | Red Hat |
| statement | We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php |
References
- http://secunia.com/advisories/21546
- http://secunia.com/advisories/21768
- http://secunia.com/advisories/21842
- http://secunia.com/advisories/22039
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
- http://www.novell.com/linux/security/advisories/2006_52_php.html
- http://www.php.net/release_5_1_5.php
- http://www.securityfocus.com/bid/19582
- http://www.ubuntu.com/usn/usn-342-1
- http://www.vupen.com/english/advisories/2006/3318