| VID |
22308 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of PHP which is older than 5.0.3 or 4.3.10.
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP versions prior to 5.0.3 or 4.3.10 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported:
- A heap-based buffer overflow is reported to affect the PHP 'pack()' function call.
- A heap-based memory disclosure vulnerability is reported to affect the PHP 'unpack()' function call.
- PHP safe_mode_exec_dir is reported prone to an access control bypass vulnerability.
- PHP safe_mode is reported prone to an access control bypass vulnerability.
- PHP is reported prone to a 'realpath()' path truncation vulnerability.
- The PHP function 'unserialize()' is reported prone to a memory corruption vulnerability.
- The PHP function 'unserialize()' is also reported prone to an additional vulnerability.
- PHP4 is reported prone to a directory traversal vulnerability. It is reported that this issue arises in the default configuration, which is shipped with the 'magic_quotes_gpc' directive set to 'On'.
- PHP4 and PHP5 are reported prone to a vulnerability that allows an attacker to upload a file to an arbitrary location. This issue also arises when the 'magic_quotes_gpc' directive set to 'On'.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.php.net/ChangeLog-5.php#5.0.3
http://www.securityfocus.com/archive/1/384663
http://www.securityfocus.com/advisories/7648
http://www.securityfocus.com/advisories/7646
http://www.securityfocus.com/archive/1/384545
http://www.securityfocus.com/archive/1/384568
* Platforms Affected:
PHP 4.3.10 prior
PHP 5.0.3 prior
Any operating systems Any version |
| Recommendation |
Upgrade to the latest version of PHP (5.0.3 or 4.3.10 or later), available from the PHP Web site at http://www.php.net |
| Related URL |
CVE-2004-1018,CVE-2004-1019,CVE-2004-1063 (CVE) |
| Related URL |
11964,11981,11992 (SecurityFocus) |
| Related URL |
(ISS) |
|
