Executive Summary
Summary | |
---|---|
Title | Updated PHP packages fix multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | MDVSA-2008:125 | First vendor Publication | 2008-07-03 |
Vendor | Mandriva | Last vendor Modification | 2008-07-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A number of vulnerabilities have been found and corrected in PHP: A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation (CVE-2007-4660). The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898). The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-331 | Insufficient Entropy |
25 % | CWE-200 | Information Exposure |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16967 | |||
Oval ID: | oval:org.mitre.oval:def:16967 | ||
Title: | USN-549-2 -- php5 regression | ||
Description: | USN-549-1 fixed vulnerabilities in PHP. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-549-2 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4662 CVE-2007-3799 CVE-2007-2872 CVE-2007-4660 CVE-2007-4661 CVE-2007-1285 CVE-2007-4670 CVE-2007-5898 CVE-2007-5899 | Version: | 7 |
Platform(s): | Ubuntu 7.10 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17624 | |||
Oval ID: | oval:org.mitre.oval:def:17624 | ||
Title: | USN-549-1 -- php5 vulnerabilities | ||
Description: | It was discovered that the wordwrap function did not correctly check lengths. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-549-1 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4662 CVE-2007-3799 CVE-2007-2872 CVE-2007-4660 CVE-2007-4661 CVE-2007-1285 CVE-2007-4670 CVE-2007-5898 CVE-2007-5899 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | php5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18224 | |||
Oval ID: | oval:org.mitre.oval:def:18224 | ||
Title: | DSA-1578-1 php4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1578-1 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18599 | |||
Oval ID: | oval:org.mitre.oval:def:18599 | ||
Title: | DSA-1572-1 php5 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1572-1 CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8065 | |||
Oval ID: | oval:org.mitre.oval:def:8065 | ||
Title: | DSA-1578 php4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1578 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php4 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.4 File : nvt/nopsec_php_5_2_4.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.8 File : nvt/nopsec_php_4_4_8.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015662.nasl |
2009-06-05 | Name : Ubuntu USN-769-1 (libwmf) File : nvt/ubuntu_769_1.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1789-1 (php5) File : nvt/deb_1789_1.nasl |
2009-05-05 | Name : HP-UX Update for Apache With PHP HPSBUX02332 File : nvt/gb_hp_ux_HPSBUX02332.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:127 (php) File : nvt/gb_mandriva_MDVSA_2008_127.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:128 (php) File : nvt/gb_mandriva_MDVSA_2008_128.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-549-1 File : nvt/gb_ubuntu_USN_549_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-549-2 File : nvt/gb_ubuntu_USN_549_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0546-01 File : nvt/gb_RHSA-2008_0546-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0545-01 File : nvt/gb_RHSA-2008_0545-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0544-01 File : nvt/gb_RHSA-2008_0544-01_php.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 i386 File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0546-01 centos2 i386 File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 x86_64 File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3606 File : nvt/gb_fedora_2008_3606_php_fc9.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl |
2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
2008-10-07 | Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php51.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1578-1 (php4) File : nvt/deb_1578_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1572-1 (php5) File : nvt/deb_1572_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1444-2 (php5) File : nvt/deb_1444_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1444-1 (php5) File : nvt/deb_1444_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45874 | PHP chunk_split Function Unspecified Issue |
44910 | PHP GENERATE_SEED Macro Multiplication Precision Weakness Random Functions Ba... |
44909 | PHP GENERATE_SEED Macro Seed Prediction Weakness Random Functions Based Prote... |
44908 | PHP escapeshellcmd API Function Multibyte Chars Unspecified Issue |
38918 | PHP output_add_rewrite_var Function Form Rewrite Information Disclosure |
38683 | PHP htmlentities/htmlspecialchars Partial Multibyte Sequence Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080625.nasl - Type : ACT_GATHER_INFO |
2009-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1789.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-128.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5379.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO |
2008-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-128-01.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1572.nasl - Type : ACT_GATHER_INFO |
2008-05-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO |
2008-01-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1444.nasl - Type : ACT_GATHER_INFO |
2008-01-03 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_8.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_4.nasl - Type : ACT_GATHER_INFO |