Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PHP vulnerabilities
Informations
NameUSN-882-1First vendor Publication2010-01-13
VendorUbuntuLast vendor Modification2010-01-13
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
php5-cgi 5.1.2-1ubuntu3.18
php5-cli 5.1.2-1ubuntu3.18

Ubuntu 8.04 LTS:
php5-cgi 5.2.4-2ubuntu5.10
php5-cli 5.2.4-2ubuntu5.10

Ubuntu 8.10:
php5-cgi 5.2.6-2ubuntu4.6
php5-cli 5.2.6-2ubuntu4.6

Ubuntu 9.04:
php5-cgi 5.2.6.dfsg.1-3ubuntu4.5
php5-cli 5.2.6.dfsg.1-3ubuntu4.5

Ubuntu 9.10:
php5-cgi 5.2.10.dfsg.1-2ubuntu6.4
php5-cli 5.2.10.dfsg.1-2ubuntu6.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626)

It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142)

Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143)

Original Source

Url : http://www.ubuntu.com/usn/USN-882-1

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7085
 
Oval ID: oval:org.mitre.oval:def:7085
Title: HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4142
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21391
 
Oval ID: oval:org.mitre.oval:def:21391
Title: RHSA-2010:0040: php security update (Moderate)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: patch
Reference(s): RHSA-2010:0040-01
CESA-2010:0040
CVE-2009-2687
CVE-2009-3291
CVE-2009-3292
CVE-2009-3546
CVE-2009-4017
CVE-2009-4142
Version: 81
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10005
 
Oval ID: oval:org.mitre.oval:def:10005
Title: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4142
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23025
 
Oval ID: oval:org.mitre.oval:def:23025
Title: ELSA-2010:0040: php security update (Moderate)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: patch
Reference(s): ELSA-2010:0040-01
CVE-2009-2687
CVE-2009-3291
CVE-2009-3292
CVE-2009-3546
CVE-2009-4017
CVE-2009-4142
Version: 29
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7445
 
Oval ID: oval:org.mitre.oval:def:7445
Title: DSA-2002 polipo -- denial of service
Description: Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: A malicous remote sever could cause polipo to crash by sending an invalid Cache-Control header. A malicous client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely.
Family: unix Class: patch
Reference(s): DSA-2002
CVE-2009-3305
CVE-2009-4413
CVE-2009-4143
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): polipo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7439
 
Oval ID: oval:org.mitre.oval:def:7439
Title: HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4143
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7367
 
Oval ID: oval:org.mitre.oval:def:7367
Title: DSA-2001 php5 -- multiple vulnerabilities
Description: Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The htmlspecialchars function does not properly handle invalid multi-byte sequences. Memory corruption via session interruption. In the stable distribution , this update also includes bug fixes that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.
Family: unix Class: patch
Reference(s): DSA-2001
CVE-2009-4142
CVE-2009-4143
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13556
 
Oval ID: oval:org.mitre.oval:def:13556
Title: DSA-2002-1 polipo -- denial of service
Description: Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3305 A malicious remote sever could cause polipo to crash by sending an invalid Cache-Control header. CVE-2009-4143 A malicious client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely. For the stable distribution, these problems have been fixed in version 1.0.4-1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.0.4-3. We recommend that you upgrade your polipo packages.
Family: unix Class: patch
Reference(s): DSA-2002-1
CVE-2009-3305
CVE-2009-4413
CVE-2009-4143
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): polipo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13461
 
Oval ID: oval:org.mitre.oval:def:13461
Title: DSA-2001-1 php5 -- multiple
Description: Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences. CVE-2009-4143 Memory corruption via session interruption. In the stable distribution, this update also includes bug fixes that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5. For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6. For the testing distribution and the unstable distribution, these problems have been fixed in version 5.2.12.dfsg.1-1. We recommend that you upgrade your php5 packages.
Family: unix Class: patch
Reference(s): DSA-2001-1
CVE-2009-4142
CVE-2009-4143
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12607
 
Oval ID: oval:org.mitre.oval:def:12607
Title: USN-882-1 -- php5 vulnerabilities
Description: Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions
Family: unix Class: patch
Reference(s): USN-882-1
CVE-2009-2626
CVE-2009-4142
CVE-2009-4143
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): php5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application119

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for php CESA-2010:0040 centos5 i386
File : nvt/gb_CESA-2010_0040_php_centos5_i386.nasl
2010-06-23Name : HP-UX Update for Apache with PHP HPSBUX02543
File : nvt/gb_hp_ux_HPSBUX02543.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-03-02Name : Mandriva Update for php MDVSA-2010:045 (php)
File : nvt/gb_mandriva_MDVSA_2010_045.nasl
2010-03-02Name : Fedora Update for maniadrive FEDORA-2010-0495
File : nvt/gb_fedora_2010_0495_maniadrive_fc11.nasl
2010-03-02Name : Fedora Update for php FEDORA-2010-0495
File : nvt/gb_fedora_2010_0495_php_fc11.nasl
2010-01-29Name : Mandriva Update for urpmi MDVA-2010:045 (urpmi)
File : nvt/gb_mandriva_MDVA_2010_045.nasl
2010-01-19Name : Mandriva Update for php MDVSA-2010:008 (php)
File : nvt/gb_mandriva_MDVSA_2010_008.nasl
2010-01-19Name : Mandriva Update for php MDVSA-2010:009 (php)
File : nvt/gb_mandriva_MDVSA_2010_009.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos3 i386
File : nvt/gb_CESA-2010_0040_php_centos3_i386.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos3 x86_64
File : nvt/gb_CESA-2010_0040_php_centos3_x86_64.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos4 i386
File : nvt/gb_CESA-2010_0040_php_centos4_i386.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos4 x86_64
File : nvt/gb_CESA-2010_0040_php_centos4_x86_64.nasl
2010-01-19Name : Ubuntu Update for php5 vulnerabilities USN-882-1
File : nvt/gb_ubuntu_USN_882_1.nasl
2010-01-19Name : RedHat Update for php RHSA-2010:0040-01
File : nvt/gb_RHSA-2010_0040-01_php.nasl
2010-01-07Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-12-30Name : FreeBSD Ports: php5
File : nvt/freebsd_php56.nasl
2009-12-18Name : PHP < 5.2.12 Multiple Vulnerabilities
File : nvt/php_dec_2009.nasl
2009-12-04Name : PHP Multiple Vulnerabilities Dec-09
File : nvt/gb_php_mult_vuln_dec09.nasl
0000-00-00Name : Slackware Advisory SSA:2010-024-02 php
File : nvt/esoft_slk_ssa_2010_024_02.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
61209PHP htmlspecialchars() Invalid Byte Sequence XSS
61208PHP $_SESSION Interrupt Corruption Unspecified Issue
60654PHP zend_ini.c zend_restore_ini_entry_cb Function Memory Content Information ...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100113_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6847.nasl - Type : ACT_GATHER_INFO
2010-09-17Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-009.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-0495.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1940.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2001.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2002.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-045.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote openSUSE host is missing a security update.
File : suse_11_0_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100215.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6846.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-01-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-02.nasl - Type : ACT_GATHER_INFO
2010-01-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-008.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-882-1.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_39a25a63eb5c11deb65000215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_12.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 12:06:29
  • Multiple Updates