The remote web server uses a version of PHP that is affected by
multiple flaws.
Description :
According to its banner, the version of PHP installed on the remote
host is older than 5.2.7. Such versions may be affected by several
security issues :
- File truncation can occur when calling dba_replace()
with an invalid argument.
- There is a buffer overflow in the bundled PCRE library that
was fixed in PCRE 7.8. (CVE-2008-2371)
- A buffer overflow in the imageloadfont() function in
ext/gd/gd.c can be triggered when a specially crafted
font is given. (CVE-2008-3658)
- There is a buffer overflow in PHP's internal function
memnstr(), which is exposed to userspace through
explode(). (CVE-2008-3659)
- When used as a FastCGI module, PHP segfaults when
opening a file whose name contains two dots (e.g.,
file..php). (CVE-2008-3660)
- Multiple directory traversal vulnerabilities in
functions such as posix_access(), chdir() and ftok()
may allow a remote attacker to bypass safe_mode
restrictions. (CVE-2008-2665 and CVE-2008-2666)
- A buffer overflow may be triggered when processing long
message headers in php_imap.c due to use of an
obsolete API call. (CVE-2008-2829)
- A heap-based buffer overflow may be triggered via
a call to mb_check_encoding(), part of the mbstring
extension. (CVE-2008-5557)
- Missing initialization of BG(page_uid) and
BG(page_gid) when PHP is used as an Apache module
may allow security restrictions to be bypassed through
the SAPI php_getuid() overload. (CVE-2008-5624)
- Incorrect php_value order in the Apache configuration
may allow PHP's safe_mode setting to be bypassed.
(CVE-2008-5625)
- The ZipArchive::extractTo() method in the ZipArchive
extension fails to filter directory traversal
sequences from file names. (CVE-2008-5658)
Note that 5.2.7 has been removed from distribution because of a
regression in that version that leaves the magic_quotes_gpc
setting off even when it has been set to on.
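The check this advisory describes is banner-based: the scanner reads the PHP version advertised in a Server or X-Powered-By header and compares it with 5.2.7. The following is an added example of that comparison, written in Python for this page rather than taken from the scanner; the header strings are constructed samples, not captures from a real host. Two caveats a practitioner should keep in mind: a distribution build such as 5.2.6-1+lenny3 may carry backported fixes and still report the old version, so a banner match is an indicator and not proof of exploitability, and a host with expose_php = Off shows no version at all, which the code reports as "unknown" rather than "fixed".

```python
import re

# Version in which the listed issues were fixed; 5.2.7 itself was withdrawn
# for the magic_quotes_gpc regression, so in practice anything below it is
# flagged and the next release is the upgrade target.
FIXED = (5, 2, 7)

# Constructed sample banners for illustration only.
SAMPLE_BANNERS = [
    "X-Powered-By: PHP/5.2.6",
    "Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch",
    "X-Powered-By: PHP/5.2.8",
    "X-Powered-By: PHP/5.3.0RC1",
    "Server: nginx/0.7.61",
]

# Matches "PHP/<major>.<minor>.<patch>" and ignores any distro suffix.
_VERSION_RE = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)")


def php_version_from_banner(banner):
    """Return (major, minor, patch) parsed from a header line, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(banner, fixed=FIXED):
    """True if the banner advertises PHP older than `fixed`, False if not,
    None when no PHP version is visible (expose_php off, or not PHP)."""
    version = php_version_from_banner(banner)
    if version is None:
        return None
    return version < fixed


def triage(banners):
    """Map each banner to 'affected', 'fixed' or 'unknown'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {b: labels[is_affected(b)] for b in banners}


if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:9} {banner}")
```

Tuple comparison gives the correct ordering for numeric components (5.2.10 is newer than 5.2.9), which a plain string comparison of the banner would get wrong.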
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)