Executive Summary
Summary | |
---|---|
Title | New PHP 4 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-789 | First vendor Publication | 2005-08-29 |
Vendor | Debian | Last vendor Modification | 2005-08-29 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements. For the old stable distribution (woody) these problems have been fixed in version 4.1.2-7.woody5. For the stable distribution (sarge) these problems have been fixed in version 4.3.10-16. For the unstable distribution (sid) these problems have been fixed in version 4.4.0-2. We recommend that you upgrade your PHP packages. |
Original Source
Url : http://www.debian.org/security/2005/dsa-789 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-35 | Leverage Executable Code in Nonexecutable Files |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11294 | |||
Oval ID: | oval:org.mitre.oval:def:11294 | ||
Title: | Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | ||
Description: | Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1921 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:345 | |||
Oval ID: | oval:org.mitre.oval:def:345 | ||
Title: | shtool Race Condition | ||
Description: | Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1751 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | php |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:350 | |||
Oval ID: | oval:org.mitre.oval:def:350 | ||
Title: | PEAR XML_RPC PHP Code Execution Vulnerability | ||
Description: | Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1921 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | php |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9569 | |||
Oval ID: | oval:org.mitre.oval:def:9569 | ||
Title: | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||
Description: | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2498 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200506-08 (GNU shtool) File : nvt/glsa_200506_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-19 (PHP) File : nvt/glsa_200509_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-21 (phpwebsite) File : nvt/glsa_200508_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-20 (phpgroupware) File : nvt/glsa_200508_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-18 (phpwiki) File : nvt/glsa_200508_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-14 (tikiwiki egroupware) File : nvt/glsa_200508_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-13 (pear-xml_rpc phpxmlrpc) File : nvt/glsa_200508_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-15 (PHP) File : nvt/glsa_200507_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-08 (phpgroupware egroupware) File : nvt/glsa_200507_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-07 (phpwebsite) File : nvt/glsa_200507_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-06 (Tikiwiki) File : nvt/glsa_200507_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-02 (wordpress) File : nvt/glsa_200507_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-01 (pear-xml_rpc phpxmlrpc) File : nvt/glsa_200507_01.nasl |
2008-09-04 | Name : FreeBSD Ports: shtool File : nvt/freebsd_shtool.nasl |
2008-09-04 | Name : FreeBSD Ports: postnuke File : nvt/freebsd_postnuke1.nasl |
2008-09-04 | Name : FreeBSD Ports: pear-XML_RPC File : nvt/freebsd_pear-XML_RPC1.nasl |
2008-09-04 | Name : FreeBSD Ports: pear-XML_RPC File : nvt/freebsd_pear-XML_RPC.nasl |
2008-09-04 | Name : FreeBSD Ports: drupal File : nvt/freebsd_drupal.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 745-1 (drupal) File : nvt/deb_745_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 842-1 (egroupware) File : nvt/deb_842_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 840-1 (drupal) File : nvt/deb_840_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 798-1 (phpgroupware) File : nvt/deb_798_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 789-1 (php4) File : nvt/deb_789_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 747-1 (egroupware) File : nvt/deb_747_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 746-1 (phpgroupware) File : nvt/deb_746_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-251-04 php5 in Slackware 10.1 File : nvt/esoft_slk_ssa_2005_251_04.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-242-02 PHP File : nvt/esoft_slk_ssa_2005_242_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-192-01 PHP File : nvt/esoft_slk_ssa_2005_192_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18889 | XML-RPC for PHP (PHPXMLRPC) Nested XML Tags Arbitrary PHP Code Execution XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The problem is that the library does not properly sanitizing certain XML tags that are nested in a parsed PHP document before being used in an 'eval()' call, which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity. |
17793 | XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity. |
16848 | shtool Symlink Arbitrary File Manipulation shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | PHP xmlrpc.php post attempt RuleID : 3827 - Revision : 16 - Type : SERVER-WEBAPP |
2015-03-31 | PHP xmlrpc.php command injection attempt RuleID : 33632 - Revision : 3 - Type : SERVER-WEBAPP |
2014-01-10 | PHP alternate xmlrpc.php command injection attempt RuleID : 13818 - Revision : 12 - Type : SERVER-WEBAPP |
2014-01-10 | PHP xmlrpc.php command injection attempt RuleID : 13817 - Revision : 12 - Type : SERVER-WEBAPP |
2014-01-10 | PHP xmlrpc.php command injection attempt RuleID : 13816 - Revision : 14 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-748.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-564.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e65ad1bf0d8b11da90d000304823c0d3.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_0274a9f1075911dabc080001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-171-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-147-1.nasl - Type : ACT_GATHER_INFO |
2005-11-11 | Name : The remote web server contains a PHP script that is prone to arbitrary code e... File : phpadsnew_xmlrpc.nasl - Type : ACT_ATTACK |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-242-02.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_051.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_049.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-146.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-19.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-251-04.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-842.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-840.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-809.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-810.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-20.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-21.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-798.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-14.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-13.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-18.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-789.nasl - Type : ACT_GATHER_INFO |
2005-08-29 | Name : The remote web server contains a PHP application that is affected by multiple... File : phpadsnew_206.nasl - Type : ACT_ATTACK |
2005-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-748.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f241641ef5ea11d9a6db000d608ed240.nasl - Type : ACT_GATHER_INFO |
2005-07-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_041.nasl - Type : ACT_GATHER_INFO |
2005-07-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-15.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-746.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-192-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6596bb80d02611d99aed000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_523fad14eb9d11d9a8bd000cf18bbe54.nasl - Type : ACT_GATHER_INFO |
2005-07-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-08.nasl - Type : ACT_GATHER_INFO |
2005-07-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-747.nasl - Type : ACT_GATHER_INFO |
2005-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-07.nasl - Type : ACT_GATHER_INFO |
2005-07-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-745.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-06.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-564.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote web server contains a PHP application that is affected by an arbit... File : drupal_xmlrpc.nasl - Type : ACT_ATTACK |
2005-07-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-518.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-517.nasl - Type : ACT_GATHER_INFO |
2005-07-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-02.nasl - Type : ACT_GATHER_INFO |
2005-07-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-01.nasl - Type : ACT_GATHER_INFO |
2005-07-01 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-109.nasl - Type : ACT_GATHER_INFO |
2005-07-01 | Name : The remote web server contains a PHP script that is prone to a remote code in... File : serendipity_xmlrpc_code_injection.nasl - Type : ACT_ATTACK |
2005-06-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200506-08.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:16 |
|