Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PHP: Multiple vulnerabilities
Informations
Name GLSA-200710-02 First vendor Publication 2007-10-07
Vendor Gentoo Last vendor Modification 2007-10-07
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Description

Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow (CVE-2007-4661 and CVE-2007-4660). A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1
was not fixed correctly (CVE-2007-1887).

Stefan Esser discovered an error in the zend_alter_ini_entry() function handling a memory_limit violation (CVE-2007-4659). Stefan Esser also discovered a flaw when handling interruptions with userspace error handlers that can be exploited to read arbitrary heap memory
(CVE-2007-1883). Disclosure of sensitive memory can also be triggered due to insufficient boundary checks in the strspn() and strcspn()
functions, an issue discovered by Mattias Bengtsson and Philip Olausson
(CVE-2007-4657)

Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL filter of the Filter extension allowing arbitrary email header injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed in GLSA 200705-19.

Stanislav Malyshev found an error with unknown impact in the money_format() function when processing "%i" and "%n" tokens
(CVE-2007-4658). zatanzlatan reported a buffer overflow in the php_openssl_make_REQ() function with unknown impact when providing a manipulated SSL configuration file (CVE-2007-4662). Possible memory corruption when trying to read EXIF data in exif_read_data() and exif_thumbnail() occurred with unknown impact.

Several vulnerabilities that allow bypassing of open_basedir and other restrictions were reported, including the glob() function
(CVE-2007-4663), the session_save_path(), ini_set(), and error_log()
functions which can allow local command execution (CVE-2007-3378), involving the readfile() function (CVE-2007-3007), via the Session extension (CVE-2007-4652), via the MySQL extension (CVE-2007-3997) and in the dl() function which allows loading extensions outside of the specified directory (CVE-2007-4825).

Multiple Denial of Service vulnerabilities were discovered, including a long "library" parameter in the dl() function (CVE-2007-4887), in several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783), in the setlocale() function (CVE-2007-4784), in the glob() and fnmatch() function (CVE-2007-4782 and CVE-2007-3806), a floating point exception in the wordwrap() function (CVE-2007-3998), a stack exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop caused by a specially crafted PNG image in the png_read_info() function of libpng (CVE-2007-2756) and several issues related to array conversion.

Impact

Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.4_p20070914-r2"

References

[ 1 ] CVE-2007-1883 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1883
[ 2 ] CVE-2007-1887 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887
[ 3 ] CVE-2007-1900 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
[ 4 ] CVE-2007-2756 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
[ 5 ] CVE-2007-2872 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
[ 6 ] CVE-2007-3007 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3007
[ 7 ] CVE-2007-3378 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
[ 8 ] CVE-2007-3806 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3806
[ 9 ] CVE-2007-3996 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
[ 10 ] CVE-2007-3997 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997
[ 11 ] CVE-2007-3998 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
[ 12 ] CVE-2007-4652 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4652
[ 13 ] CVE-2007-4657 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657
[ 14 ] CVE-2007-4658 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
[ 15 ] CVE-2007-4659 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659
[ 16 ] CVE-2007-4660 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4660
[ 17 ] CVE-2007-4661 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4661
[ 18 ] CVE-2007-4662 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4662
[ 19 ] CVE-2007-4663 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4663
[ 20 ] CVE-2007-4670 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
[ 21 ] CVE-2007-4727 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727
[ 22 ] CVE-2007-4782 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
[ 23 ] CVE-2007-4783 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
[ 24 ] CVE-2007-4784 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4784
[ 25 ] CVE-2007-4825 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4825
[ 26 ] CVE-2007-4840 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
[ 27 ] CVE-2007-4887 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
[ 28 ] GLSA 200705-19 : http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-02.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200710-02.xml

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-20 Improper Input Validation
17 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-399 Resource Management Errors
12 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
4 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
4 % CWE-94 Failure to Control Generation of Code ('Code Injection')
4 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10363
 
Oval ID: oval:org.mitre.oval:def:10363
Title: The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
Description: The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4658
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10603
 
Oval ID: oval:org.mitre.oval:def:10603
Title: The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
Description: The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3998
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10779
 
Oval ID: oval:org.mitre.oval:def:10779
Title: The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
Description: The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2756
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10897
 
Oval ID: oval:org.mitre.oval:def:10897
Title: PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Description: PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4782
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11028
 
Oval ID: oval:org.mitre.oval:def:11028
Title: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Description: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4670
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11147
 
Oval ID: oval:org.mitre.oval:def:11147
Title: Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
Description: Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3996
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13729
 
Oval ID: oval:org.mitre.oval:def:13729
Title: USN-720-1 -- php5 vulnerabilities
Description: It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. It was discovered that PHP did not correctly handle certain malformed font files. If a PHP application were tricked into processing a specially crafted font file, an attacker may be able to cause a denial of service and possibly execute arbitrary code with application privileges. It was discovered that PHP did not properly check the delimiter argument to the explode function. If a script passed untrusted input to the explode function, an attacker could cause a denial of service and possibly execute arbitrary code with application privileges. It was discovered that PHP, when used as FastCGI module, did not properly sanitize requests. By performing a request with multiple dots preceding the extension, an attacker could cause a denial of service. It was discovered that PHP did not properly handle Unicode conversion in the mbstring extension. If a PHP application were tricked into processing a specially crafted string containing an HTML entity, an attacker could execute arbitrary code with application privileges. It was discovered that PHP did not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function. An attacker could exploit this issue to bypass safe_mode restrictions. It was dicovered that PHP did not properly enforce error_log safe_mode restrictions when set by php_admin_flag in the Apache configuration file. A local attacker could create a specially crafted PHP script that would overwrite arbitrary files. It was discovered that PHP contained a flaw in the ZipArchive::extractTo function. If a PHP application were tricked into processing a specially crafted zip file that had filenames containing "..", an attacker could write arbitrary files within the filesystem. This issue only applied to Ubuntu 7.10, 8.04 LTS, and 8.10. USN-557-1 fixed a vulnerability in the GD library. When using the GD library, PHP did not properly handle the return codes that were added in the security update. An attacker could exploit this issue with a specially crafted image file and cause PHP to crash, leading to a denial of service. This issue only applied to Ubuntu 6.06 LTS, and 7.10
Family: unix Class: patch
Reference(s): USN-720-1
CVE-2007-5900
CVE-2008-3658
CVE-2008-3659
CVE-2008-3660
CVE-2008-5557
CVE-2008-5624
CVE-2008-5625
CVE-2008-5658
CVE-2007-3996
 Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17679
 
Oval ID: oval:org.mitre.oval:def:17679
Title: USN-557-1 -- libgd2 vulnerability
Description: Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images.
Family: unix Class: patch
Reference(s): USN-557-1
CVE-2007-3996
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): libgd2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18620
 
Oval ID: oval:org.mitre.oval:def:18620
Title: DSA-1362-1 lighttpd - several vulnerabilities
Description: Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled.
Family: unix Class: patch
Reference(s): DSA-1362-1
CVE-2007-3946
CVE-2007-3947
CVE-2007-3949
CVE-2007-3950
CVE-2007-4727
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): lighttpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19944
 
Oval ID: oval:org.mitre.oval:def:19944
Title: DSA-1283-1 php5
Description: Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1283-1
CVE-2007-1286
CVE-2007-1375
CVE-2007-1376
CVE-2007-1380
CVE-2007-1453
CVE-2007-1454
CVE-2007-1521
CVE-2007-1583
CVE-2007-1700
CVE-2007-1711
CVE-2007-1718
CVE-2007-1777
CVE-2007-1824
CVE-2007-1887
CVE-2007-1889
CVE-2007-1900
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20198
 
Oval ID: oval:org.mitre.oval:def:20198
Title: DSA-1444-1 php5 several issues
Description: It was discovered that the patch for <a href="http://security-tracker.debian.org/tracker/CVE-2007-4659">CVE-2007-4659</a> could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA.
Family: unix Class: patch
Reference(s): DSA-1444-1
CVE-2007-3799
CVE-2007-3998
CVE-2007-4657
CVE-2007-4658
CVE-2007-4660
CVE-2007-4662
CVE-2007-5898
CVE-2007-5899
CVE-2007-4659
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22339
 
Oval ID: oval:org.mitre.oval:def:22339
Title: ELSA-2007:0890: php security update (Moderate)
Description: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Family: unix Class: patch
Reference(s): ELSA-2007:0890-03
CVE-2007-2756
CVE-2007-2872
CVE-2007-3799
CVE-2007-3996
CVE-2007-3998
CVE-2007-4658
CVE-2007-4670
 Version: 33
Platform(s): Oracle Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5348
 
Oval ID: oval:org.mitre.oval:def:5348
Title: HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
Description: Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1887
 Version: 9
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5767
 
Oval ID: oval:org.mitre.oval:def:5767
Title: HP-UX Running Apache, Remote Execution of Arbitrary Code
Description: The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4887
 Version: 9
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6056
 
Oval ID: oval:org.mitre.oval:def:6056
Title: HP-UX Running Apache, Remote Execution of Arbitrary Code
Description: The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3378
 Version: 9
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6067
 
Oval ID: oval:org.mitre.oval:def:6067
Title: HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
Description: CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1900
 Version: 9
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7538
 
Oval ID: oval:org.mitre.oval:def:7538
Title: DSA-1444 php5 -- several vulnerabilities
Description: It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. For reference the original advisory below: Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the session_start() function allowed the insertion of attributes into the session cookie. Mattias Bengtsson and Philip Olausson discovered that a programming error in the implementation of the wordwrap() function allowed denial of service through an infinite loop. Stanislav Malyshev discovered that a format string vulnerability in the money_format() function could allow the execution of arbitrary code. Stefan Esser discovered that execution control flow inside the zend_alter_ini_entry() function is handled incorrectly in case of a memory limit violation. Gerhard Wagner discovered an integer overflow inside the chunk_split() function. Rasmus Lerdorf discovered that incorrect parsing of multibyte sequences may lead to disclosure of memory contents. It was discovered that the output_add_rewrite_var() function could leak session ID information, resulting in information disclosure. This update also fixes two bugs from the PHP 5.2.4 release which don't have security impact according to the Debian PHP security policy (CVE-2007-4657 and CVE-2007-4662), but which are fixed nonetheless. The old stable distribution (sarge) doesn't contain php5. For the stable distribution (etch), these problems have been fixed in version 5.2.0-8+etch10. For the unstable distribution (sid), these problems have been fixed in version 5.2.4-1, with the exception of CVE-2007-5898 and CVE-2007-5899, which will be fixed soon. Please note that Debian's version of PHP is hardened with the Suhosin patch beginning with version 5.2.4-1, which renders several vulnerabilities ineffective. We recommend that you upgrade your php5 packages.
Family: unix Class: patch
Reference(s): DSA-1444
CVE-2007-3799
CVE-2007-3998
CVE-2007-4657
CVE-2007-4658
CVE-2007-4660
CVE-2007-4662
CVE-2007-5898
CVE-2007-5899
CVE-2007-4659
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9424
 
Oval ID: oval:org.mitre.oval:def:9424
Title: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Description: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2872
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 55
Application 303
Os 5
Os 2

ExploitDB Exploits

id Description
2007-09-10 PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.2.5
File : nvt/nopsec_php_5_2_5.nasl
2012-06-21 Name : PHP version smaller than 5.2.4
File : nvt/nopsec_php_5_2_4.nasl
2012-06-21 Name : PHP version smaller than 5.2.3
File : nvt/nopsec_php_5_2_3.nasl
2012-06-21 Name : PHP version smaller than 5.2.1
File : nvt/nopsec_php_5_2_1.nasl
2012-06-21 Name : PHP version smaller than 4.4.8
File : nvt/nopsec_php_4_4_8.nasl
2012-06-21 Name : PHP version smaller than 4.4.5
File : nvt/nopsec_php_4_4_5.nasl
2010-04-21 Name : PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
File : nvt/gb_php_23235.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:264 (gd)
File : nvt/mdksa_2009_264.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5015662.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5012110.nasl
2009-10-10 Name : SLES9: Security update for gd
File : nvt/sles9p5009393.nasl
2009-06-05 Name : Ubuntu USN-720-1 (php5)
File : nvt/ubuntu_720_1.nasl
2009-06-05 Name : Ubuntu USN-719-1 (libpam-krb5)
File : nvt/ubuntu_719_1.nasl
2009-05-05 Name : HP-UX Update for Apache With PHP HPSBUX02332
File : nvt/gb_hp_ux_HPSBUX02332.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02308
File : nvt/gb_hp_ux_HPSBUX02308.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02262
File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:187 (php)
File : nvt/gb_mandriva_MDKSA_2007_187.nasl
2009-04-09 Name : Mandriva Update for php MDVSA-2008:126 (php)
File : nvt/gb_mandriva_MDVSA_2008_126.nasl
2009-04-09 Name : Mandriva Update for tetex MDKSA-2007:124 (tetex)
File : nvt/gb_mandriva_MDKSA_2007_124.nasl
2009-04-09 Name : Mandriva Update for libwmf MDKSA-2007:123 (libwmf)
File : nvt/gb_mandriva_MDKSA_2007_123.nasl
2009-04-09 Name : Mandriva Update for gd MDKSA-2007:122 (gd)
File : nvt/gb_mandriva_MDKSA_2007_122.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:089 (php)
File : nvt/gb_mandriva_MDKSA_2007_089.nasl
2009-03-23 Name : Ubuntu Update for libgd2 vulnerability USN-557-1
File : nvt/gb_ubuntu_USN_557_1.nasl
2009-03-23 Name : Ubuntu Update for php5 regression USN-549-2
File : nvt/gb_ubuntu_USN_549_2.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-549-1
File : nvt/gb_ubuntu_USN_549_1.nasl
2009-03-23 Name : Ubuntu Update for libgd2 vulnerabilities USN-473-1
File : nvt/gb_ubuntu_USN_473_1.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-455-1
File : nvt/gb_ubuntu_USN_455_1.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-628-1
File : nvt/gb_ubuntu_USN_628_1.nasl
2009-03-06 Name : RedHat Update for php RHSA-2008:0545-01
File : nvt/gb_RHSA-2008_0545-01_php.nasl
2009-03-06 Name : RedHat Update for php RHSA-2008:0544-01
File : nvt/gb_RHSA-2008_0544-01_php.nasl
2009-03-06 Name : RedHat Update for gd RHSA-2008:0146-01
File : nvt/gb_RHSA-2008_0146-01_gd.nasl
2009-02-27 Name : CentOS Update for php CESA-2008:0544 centos3 i386
File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl
2009-02-27 Name : CentOS Update for gd CESA-2008:0146 centos4 x86_64
File : nvt/gb_CESA-2008_0146_gd_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for gd CESA-2008:0146 centos4 i386
File : nvt/gb_CESA-2008_0146_gd_centos4_i386.nasl
2009-02-27 Name : CentOS Update for php CESA-2008:0544 centos3 x86_64
File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl
2009-02-27 Name : Fedora Update for lighttpd FEDORA-2007-2132
File : nvt/gb_fedora_2007_2132_lighttpd_fc7.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-2215
File : nvt/gb_fedora_2007_2215_php_fc7.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-709
File : nvt/gb_fedora_2007_709_php_fc6.nasl
2009-02-17 Name : Fedora Update for php FEDORA-2008-3864
File : nvt/gb_fedora_2008_3864_php_fc8.nasl
2009-01-28 Name : SuSE Update for php4,php5 SUSE-SA:2007:032
File : nvt/gb_suse_2007_032.nasl
2009-01-26 Name : Mandrake Security Advisory MDVSA-2009:022 (php)
File : nvt/mdksa_2009_022.nasl
2009-01-26 Name : Mandrake Security Advisory MDVSA-2009:023 (php)
File : nvt/mdksa_2009_023.nasl
2009-01-23 Name : SuSE Update for php4, php5 SUSE-SA:2008:004
File : nvt/gb_suse_2008_004.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-05 (gd)
File : nvt/glsa_200708_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200805-13 (ptex)
File : nvt/glsa_200805_13.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-02 (php)
File : nvt/glsa_200710_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200709-16 (lighttpd)
File : nvt/glsa_200709_16.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-19 (php)
File : nvt/glsa_200705_19.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-34 (cstetex)
File : nvt/glsa_200711_34.nasl
2008-09-04 Name : FreeBSD Ports: php5
File : nvt/freebsd_php51.nasl
2008-09-04 Name : FreeBSD Ports: php5
File : nvt/freebsd_php50.nasl
2008-09-04 Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd0.nasl
2008-08-15 Name : Debian Security Advisory DSA 1613-1 (libgd2)
File : nvt/deb_1613_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1572-1 (php5)
File : nvt/deb_1572_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1578-1 (php4)
File : nvt/deb_1578_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1444-2 (php5)
File : nvt/deb_1444_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1362-2 (lighttpd)
File : nvt/deb_1362_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1444-1 (php5)
File : nvt/deb_1444_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1283-1 (php5)
File : nvt/deb_1283_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-152-01 php5
File : nvt/esoft_slk_ssa_2007_152_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-314-01 php
File : nvt/esoft_slk_ssa_2007_314_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-045-03 php
File : nvt/esoft_slk_ssa_2008_045_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58616 PHP string.c chunk_split Function Unspecified Overflow
45902 PHP dl Function Traversal open_basedir Restriction Bypass
45874 PHP chunk_split Function Unspecified Issue
38917 PHP iconv_substr Function Multiple Parameter Remote DoS
38916 PHP Multiple Iconv* Function DoS
38688 PHP glibc Implementation glob() Function Overflow
38687 PHP glibc Implementation setlocale() Function Overflow
38686 PHP glibc Implementation fnmatch() Function Overflow
38684 PHP dl() MAXPATHLEN Argument Size Handling Weakness
38188 PHP glob Function Unspecified Traversal open_basedir Restriction Bypass
36933 lighttpd mod_fastcgi HTTP Request Header Overflow
36870 PHP libgd Multiple Functions Overflow
36869 PHP Multiple Function .htaccess php_value Directive Arbitrary Command Execution
36868 PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
36867 PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
36866 PHP Session File Symlink open_basedir Restriction Bypass
36865 PHP money_format Function Unspecified Issue
36864 PHP zend_alter_ini_entry Function Unspecified Issue
36863 PHP Unspecified Issue (Zend Engine)
36862 PHP strcspn Function Overflow
36861 PHP strspn Function Overflow
36859 PHP php_openssl_make_REQ Function Overflow
36858 PHP wordwrap Function breakcharlen Variable DoS
36643 GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Data Handl...
36085 PHP glob() Function flags Parameter Memory Corruption
36084 PHP realpath() Function Security Restriction Bypass
36083 PHP chunk_split Function Multiple Argument Overflows
35788 GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Handling DoS
33962 PHP ext/filter FILTER_VALIDATE_EMAIL Newline Injection

PHP's ext/filter extension contains a flaw that may allow a malicious user to inject specially crafted mail headers. The issue is triggered due to the FILTER_VALIDATE_EMAIL function using an incorrect regular expression which can be trivially bypassed. By using a newline character, an attacker could potentially use this to send unsolicited e-mail from the host.
33958 PHP sqlite Library sqlite_udf_decode_binary() Function Overflow

PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the in parameter of the sqlite_decode_binary function in the bundled sqlite library not properly sanitizing user-supplied input. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code.
33954 PHP iptcembed() Function Interruption Arbitrary Memory Disclosure

PHP contains a flaw that may allow a context-dependent attacker to gain access to sensitive information. The issue is due to the iptcembed function not properly handling user-supplied input. If an attacker can force an interruption that triggers a user space error handler that changes a parameter, they may be able to gain access to arbitrary portions of the system memory.

Snort® IPS/IDS

Date Description
2014-01-10 Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt
RuleID : 17386 - Revision : 10 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2018-05-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-120-01.nasl - Type : ACT_GATHER_INFO
2015-10-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-604.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080228_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12049.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO
2008-07-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1613.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO
2008-05-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO
2008-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1572.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2008-02-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO
2008-01-08 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO
2008-01-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1444.nasl - Type : ACT_GATHER_INFO
2008-01-03 Name : The remote web server uses a version of PHP that is affected by multiple issues.
File : php_4_4_8.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO
2007-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-557-1.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gd-3748.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO
2007-12-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO
2007-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_392b5b1d947111dc9db7001c2514716c.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-314-01.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_5.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-473-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2132.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_lighttpd-4532.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_gd-3747.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_gd-3700.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO
2007-10-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO
2007-10-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-10-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200709-16.nasl - Type : ACT_GATHER_INFO
2007-09-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-17 Name : The remote web server is affected by a buffer overflow vulnerability.
File : lighttpd_fastcgi_overflow.nasl - Type : ACT_ATTACK
2007-09-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-09-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4b673ae75f9a11dc84dd000102cc8983.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1362.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_4.nasl - Type : ACT_GATHER_INFO
2007-08-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200708-05.nasl - Type : ACT_GATHER_INFO
2007-06-14 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-122.nasl - Type : ACT_GATHER_INFO
2007-06-14 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-123.nasl - Type : ACT_GATHER_INFO
2007-06-14 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-124.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO
2007-06-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_3.nasl - Type : ACT_GATHER_INFO
2007-05-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO
2007-05-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO
2007-04-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_4_4_5.nasl - Type : ACT_GATHER_INFO
2007-04-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:08
  • Multiple Updates