PHP < 5.2.6 Multiple Vulnerabilities
Article ID: 32123
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009 by Tech Pubs S.
Updated: 27 Jan, 2009 by Tech Pubs S.
This script is Copyright (C) 2008 Tenable Network Security, Inc.
Family: CGI abuses
Plugin ID: 32123
Bugtraq ID: 27413, 28392, 29009
CVE ID: CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
Description:
Synopsis :
The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :
- A stack buffer overflow in the FastCGI SAPI.
- An integer overflow in printf().
- A security issue arising from improper calculation
  of the length of PATH_TRANSLATED in cgi_main.c.
- A safe_mode bypass in cURL.
- Incomplete handling of multibyte characters inside
  escapeshellcmd().
- Issues in the bundled PCRE fixed by version 7.6.
See also :
http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html
http://www.php.net/releases/5_2_6.php
Solution :
Upgrade to PHP version 5.2.6 or later.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)