Executive Summary
Summary | |
---|---|
Title | PHP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-549-1 | First vendor Publication | 2007-11-29 |
Vendor | Ubuntu | Last vendor Modification | 2007-11-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998) Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657) Stanislav Malyshev discovered that money_format function did not correctly handle certain tokens. If a PHP application were tricked into processing a bad format string, a remote attacker could execute arbitrary code with application privileges. (CVE-2007-4658) It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662) It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could injection values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799) Gerhard Wagner discovered that the chunk_split function did not correctly handle long strings. A remote attacker could exploit this to execute arbitrary code with application privileges. (CVE-2007-2872, CVE-2007-4660, CVE-2007-4661) Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898) It was discovered that the output_add_rewrite_var fucntion would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. (CVE-2007-5899) |
Original Source
Url : http://www.ubuntu.com/usn/USN-549-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-99 | XML Parser Attack |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
27 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
18 % | CWE-399 | Resource Management Errors |
18 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
18 % | CWE-20 | Improper Input Validation |
9 % | CWE-674 | Uncontrolled Recursion |
9 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16967 | |||
Oval ID: | oval:org.mitre.oval:def:16967 | ||
Title: | USN-549-2 -- php5 regression | ||
Description: | USN-549-1 fixed vulnerabilities in PHP. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-549-2 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4662 CVE-2007-3799 CVE-2007-2872 CVE-2007-4660 CVE-2007-4661 CVE-2007-1285 CVE-2007-4670 CVE-2007-5898 CVE-2007-5899 | Version: | 7 |
Platform(s): | Ubuntu 7.10 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17624 | |||
Oval ID: | oval:org.mitre.oval:def:17624 | ||
Title: | USN-549-1 -- php5 vulnerabilities | ||
Description: | It was discovered that the wordwrap function did not correctly check lengths. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-549-1 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4662 CVE-2007-3799 CVE-2007-2872 CVE-2007-4660 CVE-2007-4661 CVE-2007-1285 CVE-2007-4670 CVE-2007-5898 CVE-2007-5899 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | php5 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.4 File : nvt/nopsec_php_5_2_4.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.3 File : nvt/nopsec_php_5_2_3.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.8 File : nvt/nopsec_php_4_4_8.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015662.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015608.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5012110.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02308 File : nvt/gb_hp_ux_HPSBUX02308.nasl |
2009-05-05 | Name : HP-UX Update for Apache With PHP HPSBUX02332 File : nvt/gb_hp_ux_HPSBUX02332.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:127 (php) File : nvt/gb_mandriva_MDVSA_2008_127.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:090 (php) File : nvt/gb_mandriva_MDKSA_2007_090.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:089 (php) File : nvt/gb_mandriva_MDKSA_2007_089.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-549-2 File : nvt/gb_ubuntu_USN_549_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-549-1 File : nvt/gb_ubuntu_USN_549_1.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0546-01 File : nvt/gb_RHSA-2008_0546-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0544-01 File : nvt/gb_RHSA-2008_0544-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0545-01 File : nvt/gb_RHSA-2008_0545-01_php.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-415 File : nvt/gb_fedora_2007_415_php_fc6.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 i386 File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 x86_64 File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-2215 File : nvt/gb_fedora_2007_2215_php_fc7.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-709 File : nvt/gb_fedora_2007_709_php_fc6.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0546-01 centos2 i386 File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3606 File : nvt/gb_fedora_2008_3606_php_fc9.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl |
2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php51.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1578-1 (php4) File : nvt/deb_1578_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1444-2 (php5) File : nvt/deb_1444_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1444-1 (php5) File : nvt/deb_1444_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-152-01 php5 File : nvt/esoft_slk_ssa_2007_152_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-045-03 php File : nvt/esoft_slk_ssa_2008_045_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58616 | PHP string.c chunk_split Function Unspecified Overflow |
45874 | PHP chunk_split Function Unspecified Issue |
38918 | PHP output_add_rewrite_var Function Form Rewrite Information Disclosure |
38683 | PHP htmlentities/htmlspecialchars Partial Multibyte Sequence Weakness |
36865 | PHP money_format Function Unspecified Issue |
36863 | PHP Unspecified Issue (Zend Engine) |
36862 | PHP strcspn Function Overflow |
36861 | PHP strspn Function Overflow |
36859 | PHP php_openssl_make_REQ Function Overflow |
36858 | PHP wordwrap Function breakcharlen Variable DoS |
36855 | PHP ext/session session_start Function Cookie Manipulation |
36083 | PHP chunk_split Function Multiple Argument Overflows |
32769 | PHP Zend Engine Variable Destruction Deep Recursion Overflow Zend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays which allows a remote user to create very deeply nested array structures. Since the destruction of PHP arrays is done in a recursive way, the attempted destruction of the user's deeply nested array will result in a crash when the stack limit is exhausted, leading to a loss of availability for the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL7859.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11666.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-090.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO |
2008-01-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1444.nasl - Type : ACT_GATHER_INFO |
2008-01-03 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_8.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3980.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3979.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3978.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_4.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO |
2007-06-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_3.nasl - Type : ACT_GATHER_INFO |
2007-05-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO |
2007-05-04 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-455.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-415.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0154.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:47 |
|