Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:285 | First vendor Publication | 2009-10-20 |
Vendor | Mandriva | Last vendor Modification | 2009-10-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in php: The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546). Added two upstream patches to address a bypass vulnerability in open_basedir and safe_mode. Additionally on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package. This update fixes these vulnerabilities. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:285 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13099 | |||
Oval ID: | oval:org.mitre.oval:def:13099 | ||
Title: | DSA-1936-1 libgd2 -- several | ||
Description: | Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0455 Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution. CVE-2009-3546 Tomas Hoger discovered a boundary error in the "_gdGetColors" function. An attacker could conduct a buffer overflow or buffer over-read attacks via a crafted GD file. For the oldstable distribution, these problems have been fixed in version 2.0.33-5.2etch2. For the stable distribution, these problems have been fixed in version 2.0.36~rc1~dfsg-3+lenny1. For the upcoming stable distribution and the unstable distribution ion, these problems have been fixed in version 2.0.36~rc1~dfsg-3.1. We recommend that you upgrade your libgd2 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1936-1 CVE-2007-0455 CVE-2009-3546 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libgd2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22090 | |||
Oval ID: | oval:org.mitre.oval:def:22090 | ||
Title: | RHSA-2010:0003: gd security update (Moderate) | ||
Description: | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0003-01 CESA-2010:0003 CVE-2009-3546 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22668 | |||
Oval ID: | oval:org.mitre.oval:def:22668 | ||
Title: | ELSA-2010:0003: gd security update (Moderate) | ||
Description: | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0003-01 CVE-2009-3546 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7047 | |||
Oval ID: | oval:org.mitre.oval:def:7047 | ||
Title: | HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS) | ||
Description: | Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3293 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7396 | |||
Oval ID: | oval:org.mitre.oval:def:7396 | ||
Title: | HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS) | ||
Description: | The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3557 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8225 | |||
Oval ID: | oval:org.mitre.oval:def:8225 | ||
Title: | DSA-1936 libgd2 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution (etch). Tomas Hoger discovered a boundary error in the "_gdGetColors()" function. An attacker could conduct a buffer overflow or buffer over-read attacks via a crafted GD file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1936 CVE-2007-0455 CVE-2009-3546 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libgd2 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-30 | Name : Fedora Update for gd FEDORA-2012-9298 File : nvt/gb_fedora_2012_9298_gd_fc17.nasl |
2012-07-03 | Name : Fedora Update for gd FEDORA-2012-9314 File : nvt/gb_fedora_2012_9314_gd_fc16.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.11 File : nvt/nopsec_php_5_2_11.nasl |
2012-06-21 | Name : PHP version smaller than 5.3.1 File : nvt/nopsec_php_5_3_1.nasl |
2011-08-09 | Name : CentOS Update for gd CESA-2010:0003 centos5 i386 File : nvt/gb_CESA-2010_0003_gd_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for php CESA-2010:0040 centos5 i386 File : nvt/gb_CESA-2010_0040_php_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-16 (gd) File : nvt/glsa_201006_16.nasl |
2010-06-23 | Name : HP-UX Update for Apache with PHP HPSBUX02543 File : nvt/gb_hp_ux_HPSBUX02543.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-03-02 | Name : Fedora Update for php FEDORA-2010-0495 File : nvt/gb_fedora_2010_0495_php_fc11.nasl |
2010-03-02 | Name : Fedora Update for maniadrive FEDORA-2010-0495 File : nvt/gb_fedora_2010_0495_maniadrive_fc11.nasl |
2010-01-19 | Name : CentOS Update for php CESA-2010:0040 centos4 i386 File : nvt/gb_CESA-2010_0040_php_centos4_i386.nasl |
2010-01-19 | Name : RedHat Update for php RHSA-2010:0040-01 File : nvt/gb_RHSA-2010_0040-01_php.nasl |
2010-01-19 | Name : CentOS Update for php CESA-2010:0040 centos4 x86_64 File : nvt/gb_CESA-2010_0040_php_centos4_x86_64.nasl |
2010-01-19 | Name : CentOS Update for php CESA-2010:0040 centos3 x86_64 File : nvt/gb_CESA-2010_0040_php_centos3_x86_64.nasl |
2010-01-19 | Name : CentOS Update for php CESA-2010:0040 centos3 i386 File : nvt/gb_CESA-2010_0040_php_centos3_i386.nasl |
2010-01-19 | Name : CentOS Update for gd CESA-2010:0003 centos4 x86_64 File : nvt/gb_CESA-2010_0003_gd_centos4_x86_64.nasl |
2010-01-19 | Name : CentOS Update for gd CESA-2010:0003 centos4 i386 File : nvt/gb_CESA-2010_0003_gd_centos4_i386.nasl |
2010-01-15 | Name : RedHat Update for gd RHSA-2010:0003-01 File : nvt/gb_RHSA-2010_0003-01_gd.nasl |
2009-12-30 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php56.nasl |
2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12017 (maniadrive) File : nvt/fcore_2009_12017.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:324 (php) File : nvt/mdksa_2009_324.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:284-1 (gd) File : nvt/mdksa_2009_284_1.nasl |
2009-12-03 | Name : Mandriva Security Advisory MDVSA-2009:303 (php) File : nvt/mdksa_2009_303.nasl |
2009-12-03 | Name : Ubuntu USN-862-1 (php5) File : nvt/ubuntu_862_1.nasl |
2009-11-23 | Name : Debian Security Advisory DSA 1936-1 (libgd2) File : nvt/deb_1936_1.nasl |
2009-11-23 | Name : Ubuntu USN-854-1 (libgd2) File : nvt/ubuntu_854_1.nasl |
2009-11-11 | Name : FreeBSD Ports: gd File : nvt/freebsd_gd1.nasl |
2009-10-27 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php4.nasl |
2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:284 (gd) File : nvt/mdksa_2009_284.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:285 (php) File : nvt/mdksa_2009_285.nasl |
2009-10-23 | Name : GD Graphics Library '_gdGetColors()' Buffer Overflow Vulnerability (Linux) File : nvt/gb_gd_graphics_library_bof_vuln_lin.nasl |
2009-10-23 | Name : PHP '_gdGetColors()' Buffer Overflow Vulnerability File : nvt/gb_php_gdGetColors_bof_vuln.nasl |
2009-10-19 | Name : SLES11: Security update for PHP5 File : nvt/sles11_apache2-mod_php1.nasl |
2009-10-19 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php55.nasl |
2009-09-29 | Name : PHP Multiple Vulnerabilities - Sep09 File : nvt/secpod_php_mult_vuln_sep09.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:248 (php) File : nvt/mdksa_2009_248.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:247 (php) File : nvt/mdksa_2009_247.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:246 (php) File : nvt/mdksa_2009_246.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-024-02 php File : nvt/esoft_slk_ssa_2010_024_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-276-02 php File : nvt/esoft_slk_ssa_2009_276_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60435 | PHP ext/posix/posix.c posix_mkfifo() Function open_basedir Bypass |
60434 | PHP ext/standard/file.c tempnam() Function safe_mode Bypass |
59071 | PHP gd_gd.c _gdGetColors Function colorsTotal Structure Remote Overflow Weakness |
58187 | PHP imagecolortransparent Color Index Handling Unspecified Issue |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-120-01.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-604.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0040.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0003.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100104_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9298.nasl - Type : ACT_GATHER_INFO |
2012-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9314.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6847.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6536.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-303.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-302.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-248.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-0495.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-16.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1936.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-100215.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6846.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-024-02.nasl - Type : ACT_GATHER_INFO |
2010-01-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO |
2010-01-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0003.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0003.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_12.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_39a25a63eb5c11deb65000215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-324.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-12017.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-862-1.nasl - Type : ACT_GATHER_INFO |
2009-11-20 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_3_1.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4e8344a3ca5211de8ee800215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-854-1.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-6505.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-285.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-284.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6510.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_437a68cfb75211deb6eb00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2009-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-276-02.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-247.nasl - Type : ACT_GATHER_INFO |
2009-09-18 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_11.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:40:54 |
|
2013-05-11 00:47:49 |
|