Vulnerabilities > CVE-2008-2051 - Multiple vulnerability in PHP 5.2.5 and Prior Versions

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
php
critical
nessus

Summary

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Vulnerable Configurations

Part Description Count
Application
Php
337

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-628-1.NASL
    descriptionIt was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898) It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user
    last seen2020-06-01
    modified2020-06-02
    plugin id33575
    published2008-07-24
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33575
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-005.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id33790
    published2008-08-01
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33790
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-005)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200811-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities) Several vulnerabilitites were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674). Multiple crash issues in several PHP functions have been discovered. Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599). An off-by-one error in the metaphone() function may lead to memory corruption. Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384). Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050). Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051). Stefan Esser reported that a short-coming in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id34787
    published2008-11-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34787
    titleGLSA-200811-05 : PHP: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1578.NASL
    descriptionSeveral vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. - CVE-2007-3806 A denial of service was possible through a malicious script abusing the glob() function. - CVE-2007-3998 Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. - CVE-2007-4657 Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. - CVE-2008-2051 The escapeshellcmd API function could be attacked via incomplete multibyte chars.
    last seen2020-06-01
    modified2020-06-02
    plugin id32379
    published2008-05-19
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32379
    titleDebian DSA-1578-1 : php4 - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-128.NASL
    descriptionA number of vulnerabilities have been found and corrected in PHP : php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors (CVE-2008-0599). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36486
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36486
    titleMandriva Linux Security Advisory : php (MDVSA-2008:128)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0545.NASL
    descriptionUpdated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33511
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33511
    titleRHEL 4 : php (RHSA-2008:0545)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0545.NASL
    descriptionUpdated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43693
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43693
    titleCentOS 4 : php (CESA-2008:0545)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-128-01.NASL
    descriptionNew php packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. Note that PHP5 is not the default PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is not ready for PHP5, don
    last seen2020-06-01
    modified2020-06-02
    plugin id32444
    published2008-05-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32444
    titleSlackware 10.2 / 11.0 / 12.0 / 12.1 / current : php (SSA:2008-128-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0546.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33512
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33512
    titleRHEL 2.1 : php (RHSA-2008:0546)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0545.NASL
    descriptionFrom Red Hat Security Advisory 2008:0545 : Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67712
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67712
    titleOracle Linux 4 : php (ELSA-2008-0545)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080716_PHP_ON_SL5_X.NASL
    descriptionIt was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60445
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60445
    titleScientific Linux Security Update : php on SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-126.NASL
    descriptionA number of vulnerabilities have been found and corrected in PHP : PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with
    last seen2020-06-01
    modified2020-06-02
    plugin id37584
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37584
    titleMandriva Linux Security Advisory : php (MDVSA-2008:126)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0544.NASL
    descriptionFrom Red Hat Security Advisory 2008:0544 : Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67711
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67711
    titleOracle Linux 3 / 5 : php (ELSA-2008-0544)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0544.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33510
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33510
    titleRHEL 3 / 5 : php (RHSA-2008:0544)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3606.NASL
    descriptionThis release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33231
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33231
    titleFedora 9 : php-5.2.6-2.fc9 (2008-3606)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080716_PHP_ON_SL4_X.NASL
    descriptionIt was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60444
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60444
    titleScientific Linux Security Update : php on SL4.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3864.NASL
    descriptionThis release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_5.php http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. An attacker could use this flaw to conduct cross-site scripting attack against users of such browsers. (CVE-2007-5898) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33232
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33232
    titleFedora 8 : php-5.2.6-2.fc8 (2008-3864)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1572.NASL
    descriptionSeveral vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3806 The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. - CVE-2008-1384 Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. - CVE-2008-2050 Stack-based buffer overflow in the FastCGI SAPI. - CVE-2008-2051 The escapeshellcmd API function could be attacked via incomplete multibyte chars.
    last seen2020-06-01
    modified2020-06-02
    plugin id32306
    published2008-05-13
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32306
    titleDebian DSA-1572-1 : php5 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-5379.NASL
    descriptionThis update of php5 fixes : - possible stack-based buffer overflow CVE-2008-2050 - incomplete escapeshellcmd() CVE-2008-2051 - printf() integer overflow CVE-2008-1384 - insecure GENERATE_SEED macro CVE-2008-2107 - timezone update for DST in Pakistan
    last seen2020-06-01
    modified2020-06-02
    plugin id33381
    published2008-07-02
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33381
    titleopenSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-5379)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_APACHE2-MOD_PHP5-080625.NASL
    descriptionThis update of php5 fixes : - possible stack-based buffer overflow CVE-2008-2050 - incomplete escapeshellcmd() CVE-2008-2051 - printf() integer overflow CVE-2008-1384 - insecure GENERATE_SEED macro CVE-2008-2107 - timezone update for DST in Pakistan
    last seen2020-06-01
    modified2020-06-02
    plugin id39912
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39912
    titleopenSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-61)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-127.NASL
    descriptionA number of vulnerabilities have been found and corrected in PHP : The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898). The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899). php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors (CVE-2008-0599). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). In addition, this update also corrects an issue with some float to string conversions. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38042
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38042
    titleMandriva Linux Security Advisory : php (MDVSA-2008:127)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0544.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33524
    published2008-07-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33524
    titleCentOS 3 / 5 : php (CESA-2008:0544)
  • NASL familyCGI abuses
    NASL idPHP_5_2_6.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is older than 5.2.6. Such versions may be affected by the following issues : - A stack-based buffer overflow in FastCGI SAPI. - An integer overflow in printf(). - An security issue arising from improper calculation of the length of PATH_TRANSLATED in cgi_main.c. - A safe_mode bypass in cURL. - Incomplete handling of multibyte chars inside escapeshellcmd(). - Issues in the bundled PCRE fixed by version 7.6.
    last seen2020-06-01
    modified2020-06-02
    plugin id32123
    published2008-05-02
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32123
    titlePHP < 5.2.6 Multiple Vulnerabilities

Oval

accepted2013-04-29T04:04:04.541-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
familyunix
idoval:org.mitre.oval:def:10256
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
version27

Redhat

advisories
  • rhsa
    idRHSA-2008:0505
  • rhsa
    idRHSA-2008:0544
  • rhsa
    idRHSA-2008:0545
  • rhsa
    idRHSA-2008:0546
  • rhsa
    idRHSA-2008:0582
rpms
  • httpd-0:2.2.8-1.el5s2
  • httpd-debuginfo-0:2.2.8-1.el5s2
  • httpd-devel-0:2.2.8-1.el5s2
  • httpd-manual-0:2.2.8-1.el5s2
  • mod_jk-ap20-0:1.2.26-1.el5s2
  • mod_jk-debuginfo-0:1.2.26-1.el5s2
  • mod_perl-0:2.0.4-3.el5s2
  • mod_perl-debuginfo-0:2.0.4-3.el5s2
  • mod_perl-devel-0:2.0.4-3.el5s2
  • mod_ssl-1:2.2.8-1.el5s2
  • mysql-0:5.0.50sp1a-2.el5s2
  • mysql-bench-0:5.0.50sp1a-2.el5s2
  • mysql-cluster-0:5.0.50sp1a-2.el5s2
  • mysql-connector-odbc-0:3.51.24r1071-1.el5s2
  • mysql-connector-odbc-debuginfo-0:3.51.24r1071-1.el5s2
  • mysql-debuginfo-0:5.0.50sp1a-2.el5s2
  • mysql-devel-0:5.0.50sp1a-2.el5s2
  • mysql-jdbc-0:5.0.8-1jpp.1.el5s2
  • mysql-libs-0:5.0.50sp1a-2.el5s2
  • mysql-server-0:5.0.50sp1a-2.el5s2
  • mysql-test-0:5.0.50sp1a-2.el5s2
  • perl-DBD-MySQL-0:4.006-1.el5s2
  • perl-DBD-MySQL-debuginfo-0:4.006-1.el5s2
  • perl-DBI-0:1.604-1.el5s2
  • perl-DBI-debuginfo-0:1.604-1.el5s2
  • php-0:5.2.6-2.el5s2
  • php-bcmath-0:5.2.6-2.el5s2
  • php-cli-0:5.2.6-2.el5s2
  • php-common-0:5.2.6-2.el5s2
  • php-dba-0:5.2.6-2.el5s2
  • php-debuginfo-0:5.2.6-2.el5s2
  • php-devel-0:5.2.6-2.el5s2
  • php-gd-0:5.2.6-2.el5s2
  • php-imap-0:5.2.6-2.el5s2
  • php-ldap-0:5.2.6-2.el5s2
  • php-mbstring-0:5.2.6-2.el5s2
  • php-mysql-0:5.2.6-2.el5s2
  • php-ncurses-0:5.2.6-2.el5s2
  • php-odbc-0:5.2.6-2.el5s2
  • php-pdo-0:5.2.6-2.el5s2
  • php-pgsql-0:5.2.6-2.el5s2
  • php-snmp-0:5.2.6-2.el5s2
  • php-soap-0:5.2.6-2.el5s2
  • php-xml-0:5.2.6-2.el5s2
  • php-xmlrpc-0:5.2.6-2.el5s2
  • postgresql-0:8.2.9-1.el5s2
  • postgresql-contrib-0:8.2.9-1.el5s2
  • postgresql-debuginfo-0:8.2.9-1.el5s2
  • postgresql-devel-0:8.2.9-1.el5s2
  • postgresql-docs-0:8.2.9-1.el5s2
  • postgresql-jdbc-0:8.2.508-1jpp.el5s2
  • postgresql-jdbc-debuginfo-0:8.2.508-1jpp.el5s2
  • postgresql-libs-0:8.2.9-1.el5s2
  • postgresql-odbc-0:08.02.0500-1.el5s2
  • postgresql-odbc-debuginfo-0:08.02.0500-1.el5s2
  • postgresql-plperl-0:8.2.9-1.el5s2
  • postgresql-plpython-0:8.2.9-1.el5s2
  • postgresql-pltcl-0:8.2.9-1.el5s2
  • postgresql-python-0:8.2.9-1.el5s2
  • postgresql-server-0:8.2.9-1.el5s2
  • postgresql-tcl-0:8.2.9-1.el5s2
  • postgresql-test-0:8.2.9-1.el5s2
  • postgresqlclient81-0:8.1.11-1.el5s2
  • postgresqlclient81-debuginfo-0:8.1.11-1.el5s2
  • unixODBC-0:2.2.12-8.el5s2
  • unixODBC-debuginfo-0:2.2.12-8.el5s2
  • unixODBC-devel-0:2.2.12-8.el5s2
  • unixODBC-kde-0:2.2.12-8.el5s2
  • php-0:4.3.2-48.ent
  • php-0:5.1.6-20.el5_2.1
  • php-bcmath-0:5.1.6-20.el5_2.1
  • php-cli-0:5.1.6-20.el5_2.1
  • php-common-0:5.1.6-20.el5_2.1
  • php-dba-0:5.1.6-20.el5_2.1
  • php-debuginfo-0:4.3.2-48.ent
  • php-debuginfo-0:5.1.6-20.el5_2.1
  • php-devel-0:4.3.2-48.ent
  • php-devel-0:5.1.6-20.el5_2.1
  • php-gd-0:5.1.6-20.el5_2.1
  • php-imap-0:4.3.2-48.ent
  • php-imap-0:5.1.6-20.el5_2.1
  • php-ldap-0:4.3.2-48.ent
  • php-ldap-0:5.1.6-20.el5_2.1
  • php-mbstring-0:5.1.6-20.el5_2.1
  • php-mysql-0:4.3.2-48.ent
  • php-mysql-0:5.1.6-20.el5_2.1
  • php-ncurses-0:5.1.6-20.el5_2.1
  • php-odbc-0:4.3.2-48.ent
  • php-odbc-0:5.1.6-20.el5_2.1
  • php-pdo-0:5.1.6-20.el5_2.1
  • php-pgsql-0:4.3.2-48.ent
  • php-pgsql-0:5.1.6-20.el5_2.1
  • php-snmp-0:5.1.6-20.el5_2.1
  • php-soap-0:5.1.6-20.el5_2.1
  • php-xml-0:5.1.6-20.el5_2.1
  • php-xmlrpc-0:5.1.6-20.el5_2.1
  • php-0:4.3.9-3.22.12
  • php-debuginfo-0:4.3.9-3.22.12
  • php-devel-0:4.3.9-3.22.12
  • php-domxml-0:4.3.9-3.22.12
  • php-gd-0:4.3.9-3.22.12
  • php-imap-0:4.3.9-3.22.12
  • php-ldap-0:4.3.9-3.22.12
  • php-mbstring-0:4.3.9-3.22.12
  • php-mysql-0:4.3.9-3.22.12
  • php-ncurses-0:4.3.9-3.22.12
  • php-odbc-0:4.3.9-3.22.12
  • php-pear-0:4.3.9-3.22.12
  • php-pgsql-0:4.3.9-3.22.12
  • php-snmp-0:4.3.9-3.22.12
  • php-xmlrpc-0:4.3.9-3.22.12
  • php-0:4.1.2-2.20
  • php-devel-0:4.1.2-2.20
  • php-imap-0:4.1.2-2.20
  • php-ldap-0:4.1.2-2.20
  • php-manual-0:4.1.2-2.20
  • php-mysql-0:4.1.2-2.20
  • php-odbc-0:4.1.2-2.20
  • php-pgsql-0:4.1.2-2.20
  • php-0:5.1.6-3.el4s1.10
  • php-bcmath-0:5.1.6-3.el4s1.10
  • php-cli-0:5.1.6-3.el4s1.10
  • php-common-0:5.1.6-3.el4s1.10
  • php-dba-0:5.1.6-3.el4s1.10
  • php-debuginfo-0:5.1.6-3.el4s1.10
  • php-devel-0:5.1.6-3.el4s1.10
  • php-gd-0:5.1.6-3.el4s1.10
  • php-imap-0:5.1.6-3.el4s1.10
  • php-ldap-0:5.1.6-3.el4s1.10
  • php-mbstring-0:5.1.6-3.el4s1.10
  • php-mysql-0:5.1.6-3.el4s1.10
  • php-ncurses-0:5.1.6-3.el4s1.10
  • php-odbc-0:5.1.6-3.el4s1.10
  • php-pdo-0:5.1.6-3.el4s1.10
  • php-pgsql-0:5.1.6-3.el4s1.10
  • php-snmp-0:5.1.6-3.el4s1.10
  • php-soap-0:5.1.6-3.el4s1.10
  • php-xml-0:5.1.6-3.el4s1.10
  • php-xmlrpc-0:5.1.6-3.el4s1.10

References