CVE-2006-5465 - Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

Vulnerable Configurations

Part         Description  Count
Application  Php          311

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1206.NASL
    description: Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3353 Tim Starling discovered that missing input sanitising in the EXIF module could lead to denial of service. - CVE-2006-3017 Stefan Esser discovered a security-critical programming error in the hashtable implementation of the internal Zend engine. - CVE-2006-4482 It was discovered that str_repeat() and wordwrap() functions perform insufficient checks for buffer boundaries on 64 bit systems, which might lead to the execution of arbitrary code. - CVE-2006-5465 Stefan Esser discovered a buffer overflow in the htmlspecialchars() and htmlentities(), which might lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23655
    published: 2006-11-20
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/23655
    title: Debian DSA-1206-1 : php4 - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1206. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23655);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2005-3353", "CVE-2006-3017", "CVE-2006-4482", "CVE-2006-5465");
      script_xref(name:"DSA", value:"1206");
    
      script_name(english:"Debian DSA-1206-1 : php4 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in PHP, a
    server-side, HTML-embedded scripting language, which may lead to the
    execution of arbitrary code. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2005-3353
        Tim Starling discovered that missing input sanitising in
        the EXIF module could lead to denial of service.
    
      - CVE-2006-3017
        Stefan Esser discovered a security-critical programming
        error in the hashtable implementation of the internal
        Zend engine.
    
      - CVE-2006-4482
        It was discovered that str_repeat() and wordwrap()
        functions perform insufficient checks for buffer
        boundaries on 64 bit systems, which might lead to the
        execution of arbitrary code.
    
      - CVE-2006-5465
        Stefan Esser discovered a buffer overflow in the
        htmlspecialchars() and htmlentities(), which might lead
        to the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2005-3353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-3017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4482"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1206"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the php4 packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 4:4.3.10-18. Builds for hppa and m68k will be provided later
    once they are available."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/20");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libapache-mod-php4", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"libapache2-mod-php4", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-cgi", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-cli", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-common", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-curl", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-dev", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-domxml", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-gd", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-imap", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-ldap", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-mcal", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-mhash", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-mysql", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-odbc", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-pear", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-recode", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-snmp", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-sybase", reference:"4:4.3.10-18")) flag++;
    if (deb_check(release:"3.1", prefix:"php4-xslt", reference:"4:4.3.10-18")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-1168.NASL
    description: This update fixes a security vulnerability in PHP. The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24042
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24042
    title: Fedora Core 5 : php-5.1.6-1.2 (2006-1168)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-1168.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24042);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_xref(name:"FEDORA", value:"2006-1168");
    
      script_name(english:"Fedora Core 5 : php-5.1.6-1.2 (2006-1168)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a security vulnerability in PHP.
    
    The Hardened-PHP Project discovered an overflow in the PHP
    htmlentities() and htmlspecialchars() routines. If a PHP script used
    the vulnerable functions to parse UTF-8 data, a remote attacker
    sending a carefully crafted request could trigger the overflow and
    potentially execute arbitrary code as the 'apache' user.
    (CVE-2006-5465)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000810.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?712fb6f6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"php-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-bcmath-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-dba-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-debuginfo-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-devel-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-gd-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-imap-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-ldap-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-mbstring-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-mysql-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-ncurses-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-odbc-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-pdo-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-pgsql-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-snmp-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-soap-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-xml-5.1.6-1.2")) flag++;
    if (rpm_check(release:"FC5", reference:"php-xmlrpc-5.1.6-1.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-bcmath / php-dba / php-debuginfo / php-devel / php-gd / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_067.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:067 (php4,php5). This update fixes the following security problems in the PHP scripting language: - CVE-2006-5465: Various buffer overflows in htmlentities / htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24444
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24444
    title: SUSE-SA:2006:067: php4,php5
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:067
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(24444);
     script_version ("1.9");
     
     name["english"] = "SUSE-SA:2006:067: php4,php5";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2006:067 (php4,php5).
    
    
    This update fixes the following security problems in the PHP scripting language:
    
    - CVE-2006-5465: Various buffer overflows in htmlentities /
    htmlspecialchars internal routines could be used to crash the
    PHP interpreter or potentially execute code, depending on the PHP
    application used." );
     script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2006_67_php.html" );
     script_set_attribute(attribute:"risk_factor", value:"Medium" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the php4,php5 package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-curl-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-gd-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-imap-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pgsql-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-servlet-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-unixODBC-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-wddx-4.4.0-6.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-bcmath-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-curl-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-devel-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-dom-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-exif-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-ftp-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-gd-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-iconv-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-imap-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-ldap-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mbstring-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mysql-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mysqli-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pear-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pgsql-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-soap-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-wddx-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-xmlrpc-5.0.4-9.22", release:"SUSE10.0") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-curl-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-gd-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-imap-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mbstring-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pgsql-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-wddx-4.3.10-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-bcmath-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-curl-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-dba-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-devel-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-dom-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-exif-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-ftp-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-gd-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-iconv-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-imap-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-ldap-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mbstring-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mysql-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-mysqli-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pear-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pgsql-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-soap-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-wddx-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-xmlrpc-5.0.3-14.32", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0730.NASL
    description: Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37281
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37281
    title: CentOS 3 / 4 : php (CESA-2006:0730)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0730 and 
    # CentOS Errata and Security Advisory 2006:0730 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37281);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-5465");
      script_bugtraq_id(20879);
      script_xref(name:"RHSA", value:"2006:0730");
    
      script_name(english:"CentOS 3 / 4 : php (CESA-2006:0730)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated PHP packages that fix a security issue are now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    PHP is an HTML-embedded scripting language commonly used with the
    Apache HTTP Web server.
    
    The Hardened-PHP Project discovered an overflow in the PHP
    htmlentities() and htmlspecialchars() routines. If a PHP script used
    the vulnerable functions to parse UTF-8 data, a remote attacker
    sending a carefully crafted request could trigger the overflow and
    potentially execute arbitrary code as the 'apache' user.
    (CVE-2006-5465)
    
    Users of PHP should upgrade to these updated packages which contain a
    backported patch to correct this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013349.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?992951c1"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013350.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3e16d410"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013353.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fea975bb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013354.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?42467017"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013389.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f38cb90"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-November/013390.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9cf3ca71"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-domxml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pear");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:php-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"php-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-devel-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-imap-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-ldap-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-mysql-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-odbc-4.3.2-37.ent")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"php-pgsql-4.3.2-37.ent")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"php-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-devel-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-domxml-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-gd-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-imap-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-ldap-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-mbstring-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-mysql-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-ncurses-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-odbc-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-pear-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-pgsql-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-snmp-4.3.9-3.22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"php-xmlrpc-4.3.9-3.22")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-307-01.NASL
    descriptionNew php packages are available for Slackware 10.2 and 11.0 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id23653
    published2006-11-20
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23653
    titleSlackware 10.2 / 11.0 : php (SSA:2006-307-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-307-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23653);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2006-5465");
      script_bugtraq_id(20879);
      script_xref(name:"SSA", value:"2006-307-01");
    
      script_name(english:"Slackware 10.2 / 11.0 : php (SSA:2006-307-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 10.2 and 11.0 to fix
    security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.453339
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1be208e0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.2", pkgname:"php", pkgver:"4.4.4", pkgarch:"i486", pkgnum:"2_slack10.2")) flag++;
    
    if (slackware_check(osver:"11.0", pkgname:"php", pkgver:"4.4.4", pkgarch:"i486", pkgnum:"4_slack11.0")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-196.NASL
    descriptionThe Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. The purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used) (CVE-2006-5465) Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. (CVE-2006-5706) Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id24581
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24581
    titleMandrake Linux Security Advisory : php (MDKSA-2006:196)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-375-1.NASL
    descriptionStefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application. (CVE-2006-5465) This update also fixes bugs in the chdir() and tempnam() functions, which did not perform proper open_basedir checks. This could allow local scripts to bypass intended restrictions. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27956
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27956
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerability (USN-375-1)
  • NASL familyCGI abuses
    NASL idPHP_5_2_0.NASL
    descriptionAccording to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as
    last seen2020-06-01
    modified2020-06-02
    plugin id31649
    published2008-03-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31649
    titlePHP 5.x < 5.2 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1169.NASL
    descriptionThis update fixes a security vulnerability in PHP. The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id24043
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24043
    titleFedora Core 6 : php-5.1.6-3.1.fc6 (2006-1169)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-2238.NASL
    descriptionThis update fixes the following security problems in the PHP scripting language : - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. - A missing open_basedir check inside chdir() function was added. - A tempnam() openbasedir bypass was fixed. - A possible buffer overflow in stream_socket_client() when using
    last seen2020-06-01
    modified2020-06-02
    plugin id27148
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27148
    titleopenSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0730.NASL
    descriptionUpdated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id23631
    published2006-11-07
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23631
    titleRHEL 2.1 / 3 / 4 : php (RHSA-2006:0730)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0730.NASL
    descriptionUpdated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption. From Red Hat Security Advisory 2006:0730 : The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id67421
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67421
    titleOracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-2236.NASL
    descriptionThis update fixes the following security problems in the PHP scripting language : - Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. (CVE-2006-5465) - A missing open_basedir check inside chdir() function was added. - A tempnam() openbasedir bypass was fixed. - A possible buffer overflow in stream_socket_client() when using
    last seen2020-06-01
    modified2020-06-02
    plugin id29376
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29376
    titleSuSE 10 Security Update : PHP (ZYPP Patch Number 2236)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200703-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200703-21 (PHP: Multiple vulnerabilities) Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. Impact : Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id24887
    published2007-03-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24887
    titleGLSA-200703-21 : PHP: Multiple vulnerabilities

Oval

accepted2013-04-29T04:03:53.576-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionBuffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
familyunix
idoval:org.mitre.oval:def:10240
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleBuffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
version26

Redhat

advisories
  • bugzilla
    id213543
    titleCVE-2006-5465 PHP buffer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentphp-ldap is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730001
          • commentphp-ldap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276024
        • AND
          • commentphp-devel is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730003
          • commentphp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276028
        • AND
          • commentphp-imap is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730005
          • commentphp-imap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276002
        • AND
          • commentphp-gd is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730007
          • commentphp-gd is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276026
        • AND
          • commentphp-pgsql is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730009
          • commentphp-pgsql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276004
        • AND
          • commentphp-xmlrpc is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730011
          • commentphp-xmlrpc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276006
        • AND
          • commentphp-odbc is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730013
          • commentphp-odbc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276008
        • AND
          • commentphp-mysql is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730015
          • commentphp-mysql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276010
        • AND
          • commentphp is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730017
          • commentphp is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276012
        • AND
          • commentphp-snmp is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730019
          • commentphp-snmp is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276014
        • AND
          • commentphp-ncurses is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730021
          • commentphp-ncurses is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276016
        • AND
          • commentphp-domxml is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730023
          • commentphp-domxml is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276022
        • AND
          • commentphp-mbstring is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730025
          • commentphp-mbstring is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276020
        • AND
          • commentphp-pear is earlier than 0:4.3.9-3.22
            ovaloval:com.redhat.rhsa:tst:20060730027
          • commentphp-pear is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060276018
    rhsa
    idRHSA-2006:0730
    released2006-11-06
    severityImportant
    titleRHSA-2006:0730: php security update (Important)
  • rhsa
    idRHSA-2006:0731
  • rhsa
    idRHSA-2006:0736
rpms
  • php-0:4.1.2-2.13
  • php-0:4.3.2-37.ent
  • php-0:4.3.9-3.22
  • php-debuginfo-0:4.3.2-37.ent
  • php-debuginfo-0:4.3.9-3.22
  • php-devel-0:4.1.2-2.13
  • php-devel-0:4.3.2-37.ent
  • php-devel-0:4.3.9-3.22
  • php-domxml-0:4.3.9-3.22
  • php-gd-0:4.3.9-3.22
  • php-imap-0:4.1.2-2.13
  • php-imap-0:4.3.2-37.ent
  • php-imap-0:4.3.9-3.22
  • php-ldap-0:4.1.2-2.13
  • php-ldap-0:4.3.2-37.ent
  • php-ldap-0:4.3.9-3.22
  • php-manual-0:4.1.2-2.13
  • php-mbstring-0:4.3.9-3.22
  • php-mysql-0:4.1.2-2.13
  • php-mysql-0:4.3.2-37.ent
  • php-mysql-0:4.3.9-3.22
  • php-ncurses-0:4.3.9-3.22
  • php-odbc-0:4.1.2-2.13
  • php-odbc-0:4.3.2-37.ent
  • php-odbc-0:4.3.9-3.22
  • php-pear-0:4.3.9-3.22
  • php-pgsql-0:4.1.2-2.13
  • php-pgsql-0:4.3.2-37.ent
  • php-pgsql-0:4.3.9-3.22
  • php-snmp-0:4.3.9-3.22
  • php-xmlrpc-0:4.3.9-3.22
  • php-0:5.1.4-1.el4s1.5
  • php-bcmath-0:5.1.4-1.el4s1.5
  • php-dba-0:5.1.4-1.el4s1.5
  • php-debuginfo-0:5.1.4-1.el4s1.5
  • php-devel-0:5.1.4-1.el4s1.5
  • php-gd-0:5.1.4-1.el4s1.5
  • php-imap-0:5.1.4-1.el4s1.5
  • php-ldap-0:5.1.4-1.el4s1.5
  • php-mbstring-0:5.1.4-1.el4s1.5
  • php-mysql-0:5.1.4-1.el4s1.5
  • php-ncurses-0:5.1.4-1.el4s1.5
  • php-odbc-0:5.1.4-1.el4s1.5
  • php-pdo-0:5.1.4-1.el4s1.5
  • php-pgsql-0:5.1.4-1.el4s1.5
  • php-snmp-0:5.1.4-1.el4s1.5
  • php-soap-0:5.1.4-1.el4s1.5
  • php-xml-0:5.1.4-1.el4s1.5
  • php-xmlrpc-0:5.1.4-1.el4s1.5

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X is a BSD-based operating system. Apple Mac OS X contains multiple security issues that remote and local attackers can exploit to execute malicious code, cause denial of service, escalate privileges, overwrite files, obtain sensitive information, and carry out other attacks. The specific issues are as follows: AirPort-CVE-ID: CVE-2006-5710: The AirPort wireless driver incorrectly handles response frames, which can lead to a heap-based overflow. ATS-CVE-ID: CVE-2006-4396: Apple Type Services creates error logs insecurely, which can lead to arbitrary file overwrite. ATS-CVE-ID: CVE-2006-4398: Apple Type Services contains multiple buffer overflows, which can lead to arbitrary code execution with elevated privileges. ATS-CVE-ID: CVE-2006-4400: A specially crafted font file can lead to arbitrary code execution. CFNetwork-CVE-ID: CVE-2006-4401: Enticing a user to visit a malicious ftp URI can lead to arbitrary ftp command execution. ClamAV-CVE-ID: CVE-2006-4182: A malicious email message can cause ClamAV to execute arbitrary code. Finder-CVE-ID: CVE-2006-4402: Browsing a shared directory can cause the application to crash or execute arbitrary code. ftpd-CVE-ID: CVE-2006-4403: When ftp access is enabled, unauthorized users can determine valid account names. gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip has multiple issues in handling compressed files, which can cause the application to crash or execute arbitrary instructions. Installer-CVE-ID: CVE-2006-4404: When software is installed as an admin user, system privileges may be used without authorization. OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL contains multiple security issues that can lead to arbitrary code execution or disclosure of sensitive information. perl-CVE-ID: CVE-2005-3962: Insecure string handling can cause Perl applications to execute arbitrary code. PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: PHP applications have multiple issues that can lead to denial of service or arbitrary code execution. PHP-CVE-ID: CVE-2006-5465: The PHP htmlentities() and htmlspecialchars() functions contain a buffer overflow that can lead to arbitrary code execution. PPP-CVE-ID: CVE-2006-4406: Using PPPoE on an untrusted local network can lead to arbitrary code execution. Samba-CVE-ID: CVE-2006-3403: When Windows sharing is in use, remote attackers can carry out denial-of-service attacks. Security Framework-CVE-ID: CVE-2006-4407: An insecure transport method can result in the most secure cipher not being negotiated. Security Framework-CVE-ID: CVE-2006-4408: Processing X.509 certificates can lead to denial of service. Security Framework-CVE-ID: CVE-2006-4409: When an http proxy is used, certificate revocation lists cannot be retrieved. Security Framework-CVE-ID: CVE-2006-4410: Certain certificates are erroneously authorized. VPN-CVE-ID: CVE-2006-4411: A malicious local user can obtain system privileges. WebKit-CVE-ID: CVE-2006-4412: Enticing a user to browse a malicious web page can lead to arbitrary code execution. Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 http://docs.info.apple.com/article.html?artnum=304829
idSSV:623
last seen2017-11-19
modified2006-11-29
published2006-11-29
reporterRoot
titleApple Mac OS X 2006-007 contains multiple security vulnerabilities

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References