Executive Summary

Summary
Title PHP Toolkit: Data disclosure and Denial of Service
Informations
Name GLSA-200804-19 First vendor Publication 2008-04-17
Vendor Gentoo Last vendor Modification 2008-04-17
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:P)
Cvss Base Score 3.6 Attack Range Local
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

PHP Toolkit does not quote parameters, allowing for PHP source code disclosure on Apache, and a Denial of Service.

Background

PHP Toolkit is a utility to manage parallel installations of PHP within Gentoo. It is executed by the PHP ebuilds at setup.

Description

Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the "tr"
command, which could convert the "-D PHP5" argument in the
"APACHE2_OPTS" setting in the file /etc/conf.d/apache2 to lower case.

Impact

An attacker could entice a system administrator to run "emerge php" or call "php-select -t apache2 php5" directly in a directory containing a lower case single-character named file, which would prevent Apache from loading mod_php and thereby disclose PHP source code and cause a Denial of Service.

Workaround

Do not run "emerge" or "php-select" from a working directory which contains a lower case single-character named file.

Resolution

All PHP Toolkit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/php-toolkit-1.0.1"

References

[ 1 ] CVE-2008-1734 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1734

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200804-19.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200804-19.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-19 (php-toolkit)
File : nvt/glsa_200804_19.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
44728 PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS

Nessus® Vulnerability Scanner

Date Description
2008-04-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-19.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:46
  • Multiple Updates