Executive Summary
Summary | |
---|---|
Title | php security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0076 | First vendor Publication | 2007-02-19 |
Vendor | RedHat | Last vendor Modification | 2007-02-19 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906) If unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988) If the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908) If the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909) A one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907) Several flaws in PHP could allows attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910) Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Stefan Esser for his help diagnosing these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 228858 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0076.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2010-04-23 | Name : PHP 5.2.0 and Prior Versions Multiple Vulnerabilities File : nvt/gb_php_22496.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5017282.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5009300.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:048 (php) File : nvt/gb_mandriva_MDKSA_2007_048.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-424-1 File : nvt/gb_ubuntu_USN_424_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-424-2 File : nvt/gb_ubuntu_USN_424_2.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-261 File : nvt/gb_fedora_2007_261_php_fc6.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:020 File : nvt/gb_suse_2007_020.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-21 (php) File : nvt/glsa_200703_21.nasl |
2008-09-04 | Name : php -- multiple vulnerabilities File : nvt/freebsd_php5-imap.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1264-1 (php4) File : nvt/deb_1264_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-053-01 php File : nvt/esoft_slk_ssa_2007_053_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34715 | PHP ibase_modify_user() Function Unspecified Overflow |
34714 | PHP ibase_add_user() Function Unspecified Overflow |
34713 | PHP ibase_delete_user() Function Unspecified Overflow |
34712 | PHP mail() Function Unspecified Overflow |
34711 | PHP str_replace() Function Unspecified Overflow |
34710 | PHP stream Filters Unspecified Overflow |
34709 | PHP sqlite Extension Unspecified Overflow |
34708 | PHP imap Extension Unspecified Overflow |
34707 | PHP zip Extension Unspecified Overflow |
34706 | PHP Session Extension Unspecified Overflow |
32767 | PHP sapi_header_op Function Underflow DoS |
32766 | PHP wddx Extension Unspecified Information Disclosure PHP contains a flaw that may allow a context-dependent attacker to gain access to privileged information. The issue is due to the WDDX deserializer in the wddx extension not properly initializing the key_length variable for numerical keys. This may allow an attacker to read arbitrary parts of the stack memory via a crafted wddxPacket alement. |
32765 | PHP odbc_result_all Function Format String |
32764 | PHP on 64-bit Multiple print Function Format String |
32763 | PHP Super-global Variable Unspecified Clobber |
32762 | PHP on 64-bit zend_hash_init Function Remote DoS PHP contains a flaw that may all a context-dependent attacker to deny service. The issue occurs on 64-bit platforms when the zend_hash_init function unserializing certain expressions causing 32-bit arguments to be used after the check for a negative value. This may cause the application to enter an infinite loop and require a restart. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3290.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-2684.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-2687.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO |
2007-03-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-21.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1264.nasl - Type : ACT_GATHER_INFO |
2007-02-27 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-287.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-048.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-053-01.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0081.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-261.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7fcf1727be7111dbb2ec000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:27 |
|