Executive Summary

Summary
Title PHP vulnerabilities
Informations
NameUSN-882-1First vendor Publication2010-01-13
VendorUbuntuLast vendor Modification2010-01-13
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
php5-cgi 5.1.2-1ubuntu3.18
php5-cli 5.1.2-1ubuntu3.18

Ubuntu 8.04 LTS:
php5-cgi 5.2.4-2ubuntu5.10
php5-cli 5.2.4-2ubuntu5.10

Ubuntu 8.10:
php5-cgi 5.2.6-2ubuntu4.6
php5-cli 5.2.6-2ubuntu4.6

Ubuntu 9.04:
php5-cgi 5.2.6.dfsg.1-3ubuntu4.5
php5-cli 5.2.6.dfsg.1-3ubuntu4.5

Ubuntu 9.10:
php5-cgi 5.2.10.dfsg.1-2ubuntu6.4
php5-cli 5.2.10.dfsg.1-2ubuntu6.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)

It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142)

Stefan Esser discovered that PHP did not properly handle session data. An
attacker could exploit this issue to bypass safe_mode or open_basedir
restrictions. (CVE-2009-4143)


Original Source

Url : http://www.ubuntu.com/usn/USN-882-1

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7085
 
Oval ID: oval:org.mitre.oval:def:7085
Title: HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4142
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21391
 
Oval ID: oval:org.mitre.oval:def:21391
Title: RHSA-2010:0040: php security update (Moderate)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: patch
Reference(s): RHSA-2010:0040-01
CESA-2010:0040
CVE-2009-2687
CVE-2009-3291
CVE-2009-3292
CVE-2009-3546
CVE-2009-4017
CVE-2009-4142
Version: 81
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10005
 
Oval ID: oval:org.mitre.oval:def:10005
Title: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4142
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23025
 
Oval ID: oval:org.mitre.oval:def:23025
Title: ELSA-2010:0040: php security update (Moderate)
Description: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family: unix Class: patch
Reference(s): ELSA-2010:0040-01
CVE-2009-2687
CVE-2009-3291
CVE-2009-3292
CVE-2009-3546
CVE-2009-4017
CVE-2009-4142
Version: 26
Platform(s): Oracle Linux 5
Oracle Linux 4
Oracle Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7439
 
Oval ID: oval:org.mitre.oval:def:7439
Title: HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4143
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application119

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for php CESA-2010:0040 centos5 i386
File : nvt/gb_CESA-2010_0040_php_centos5_i386.nasl
2010-06-23Name : HP-UX Update for Apache with PHP HPSBUX02543
File : nvt/gb_hp_ux_HPSBUX02543.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-03-02Name : Mandriva Update for php MDVSA-2010:045 (php)
File : nvt/gb_mandriva_MDVSA_2010_045.nasl
2010-03-02Name : Fedora Update for maniadrive FEDORA-2010-0495
File : nvt/gb_fedora_2010_0495_maniadrive_fc11.nasl
2010-03-02Name : Fedora Update for php FEDORA-2010-0495
File : nvt/gb_fedora_2010_0495_php_fc11.nasl
2010-01-29Name : Mandriva Update for urpmi MDVA-2010:045 (urpmi)
File : nvt/gb_mandriva_MDVA_2010_045.nasl
2010-01-19Name : Mandriva Update for php MDVSA-2010:008 (php)
File : nvt/gb_mandriva_MDVSA_2010_008.nasl
2010-01-19Name : Mandriva Update for php MDVSA-2010:009 (php)
File : nvt/gb_mandriva_MDVSA_2010_009.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos3 i386
File : nvt/gb_CESA-2010_0040_php_centos3_i386.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos3 x86_64
File : nvt/gb_CESA-2010_0040_php_centos3_x86_64.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos4 i386
File : nvt/gb_CESA-2010_0040_php_centos4_i386.nasl
2010-01-19Name : CentOS Update for php CESA-2010:0040 centos4 x86_64
File : nvt/gb_CESA-2010_0040_php_centos4_x86_64.nasl
2010-01-19Name : Ubuntu Update for php5 vulnerabilities USN-882-1
File : nvt/gb_ubuntu_USN_882_1.nasl
2010-01-19Name : RedHat Update for php RHSA-2010:0040-01
File : nvt/gb_RHSA-2010_0040-01_php.nasl
2010-01-07Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-12-30Name : FreeBSD Ports: php5
File : nvt/freebsd_php56.nasl
2009-12-18Name : PHP < 5.2.12 Multiple Vulnerabilities
File : nvt/php_dec_2009.nasl
2009-12-04Name : PHP Multiple Vulnerabilities Dec-09
File : nvt/gb_php_mult_vuln_dec09.nasl
0000-00-00Name : Slackware Advisory SSA:2010-024-02 php
File : nvt/esoft_slk_ssa_2010_024_02.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
61209PHP htmlspecialchars() Invalid Byte Sequence XSS
61208PHP $_SESSION Interrupt Corruption Unspecified Issue
60654PHP zend_ini.c zend_restore_ini_entry_cb Function Memory Content Information ...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100113_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6847.nasl - Type : ACT_GATHER_INFO
2010-09-17Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-009.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-0495.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1940.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2001.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2002.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-045.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE system is missing a security patch for apache2-mod_php5
File : suse_11_0_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE system is missing a security patch for apache2-mod_php5
File : suse_11_2_apache2-mod_php5-100215.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6846.nasl - Type : ACT_GATHER_INFO
2010-02-23Name : The remote SuSE system is missing a security patch for apache2-mod_php5
File : suse_11_1_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-01-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-02.nasl - Type : ACT_GATHER_INFO
2010-01-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-008.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-882-1.nasl - Type : ACT_GATHER_INFO
2010-01-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_39a25a63eb5c11deb65000215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_12.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 12:06:29
  • Multiple Updates