<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
Duncan, Brian M. wrote:
<blockquote
cite="mid:65234743FE1555428435CE39E6AC407803795178@CHI-US-EXCH-01.us.kmz.com"
type="cite">
<div dir="ltr" align="left"><span class="054440713-19082010"><font
color="#0000ff" face="Arial" size="2">My intent was not to create a
discussion on how open to attack PHP is related to other products.</font></span></div>
<div dir="ltr" align="left"><span class="054440713-19082010"></span> </div>
<div dir="ltr" align="left"><span class="054440713-19082010"><font
color="#0000ff" face="Arial" size="2">Nessus was obviously displaying
high importance alerts based on the PHP banner version that was being
returned when I still had expose=on in the php.ini. </font></span></div>
<div dir="ltr" align="left"><span class="054440713-19082010"></span> </div>
<div dir="ltr" align="left"><span class="054440713-19082010"><font
color="#0000ff" face="Arial" size="2">If you are saying that all the
vulnerabilities that are present in the version that is installed can
only be exploited with poorly coded PHP code, then I am not concerned
if Jules is not ..</font></span></div>
<div> </div>
</blockquote>
Nor can I assure that my code is free of bugs (who can?), as a bunch of
lines were suggested by me to Julian.<br>
The Nessus advice is a generic warning about PHP vulnerabilities (I also
believe that 5.1.6 is too old), but not all the vulnerabilities
are exploitable by a remote attacker.<br>
Specifically, looking at <br>
<br>
<a class="moz-txt-link-freetext" href="http://www.nessus.org/plugins/index.php?view=single&id=28181">http://www.nessus.org/plugins/index.php?view=single&id=28181</a><br>
<br>
and browsing the 3 links about the CVE* vulnerabilities, there are some
"unknown" cases for which this can lead to a problem for an application
such as ZendTo (CVE-2007-5898).<br>
It's clear that upgrading PHP is the better solution from a risk
analysis perspective, but it's not an imperative indication.<br>
The only response to your question is an in-depth check with formal
methods to assure that the system is correct... Do you have some billions
of years to wait?<br>
<blockquote
cite="mid:65234743FE1555428435CE39E6AC407803795178@CHI-US-EXCH-01.us.kmz.com"
type="cite">
<div><span class="054440713-19082010"></span> </div>
<!-- Converted from text/plain format -->
<p><font size="2">BRIAN M. DUNCAN<br>
Data Security Administrator<br>
Katten Muchin Rosenman LLP<br>
525 W. Monroe Street / Chicago, IL 60661-3693<br>
p / (312) 577-8045 f / (312) 577-4490<br>
<a class="moz-txt-link-abbreviated" href="mailto:brian.duncan@kattenlaw.com">brian.duncan@kattenlaw.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.kattenlaw.com">www.kattenlaw.com</a><br>
</font></p>
<div> </div>
<br>
<div class="OutlookMessageHeader" dir="ltr" align="left" lang="en-us">
<hr tabindex="-1"><font face="Tahoma" size="2"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a> [<a class="moz-txt-link-freetext" href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>] <b>On Behalf Of
</b>Sergio Rabellino<br>
<b>Sent:</b> Wednesday, August 18, 2010 6:08 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:zendto@zend.to">zendto@zend.to</a><br>
<b>Subject:</b> [ZendTo] Re: Question related to version of PHP in
CentOS VM's<br>
</font><br>
</div>
I've been running PHP web sites for 10 years; I've never had a successful
attack on PHP itself, only on bad (PHP) programmers.<br>
I think that Nessus is very conservative in its results, but not
every buffer overflow can lead to a breach in your system.<br>
Which programming language/environment do you believe is unfaceable?
Tomcat/Java or whatsoever? :-)<br>
<br>
regards.<br>
<br>
Duncan, Brian M. wrote:
<blockquote
cite="mid:65234743FE1555428435CE39E6AC407803795174@CHI-US-EXCH-01.us.kmz.com"
type="cite">
<div dir="ltr" align="left"><font color="#0000ff" face="Arial"
size="2"><span class="823452818-18082010">I've always shied away from
using PHP with apache on externally facing web sites in the past due to
always seeing a constant flow of new vulnerabilities.</span></font></div>
<div> </div>
<div><span class="823452818-18082010"><font color="#0000ff"
face="Arial" size="2">Does anyone know if the version of PHP that is
current according to CentOS is safe?</font></span></div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010"><font color="#0000ff"
face="Arial" size="2">I ran a Nessus scan against my Zendto box and it
is listing 6 "HIGH" security risks so far that are supposedly tied to
PHP version. I just noticed they all refer so far to using PHP 5.2.5
or later. Not sure if any of these are false positives yet.</font></span></div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010"><font color="#0000ff"
face="Arial" size="2">Here is some of the Nessus "HIGH" security scan
listed output for any interested:</font></span></div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010"></span> </div>
<div><span class="823452818-18082010">
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP &lt; 5.2.5 Multiple
Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple flaws.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2.5. Such versions may be affected by various
issues, including but not limited to several buffer overflows.<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_5.php">http://www.php.net/releases/5_2_5.php</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.5 or later.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=28181"
moz-do-not-send="true">28181</a><br>
<br>
<b>CVE: </b><br>
CVE-2007-4887, CVE-2007-5898, CVE-2007-5900<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/26403"
moz-do-not-send="true">26403</a><br>
<br>
<b>Other references: </b><br>
OSVDB:38680, OSVDB:38681, OSVDB:38682, OSVDB:38683, OSVDB:38684,
OSVDB:38685</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP &lt; 5.2.1 Multiple
Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple flaws.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2.1. Such versions may be affected by several
issues, including buffer overflows, format string vulnerabilities,
arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and
clobbering of super-globals.<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_1.php">http://www.php.net/releases/5_2_1.php</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.1 or later.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=24907"
moz-do-not-send="true">24907</a><br>
<br>
<b>CVE: </b><br>
CVE-2006-6383, CVE-2007-0905, CVE-2007-0906, CVE-2007-0907,
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-1376,
CVE-2007-1380, CVE-2007-1453, CVE-2007-1700, CVE-2007-1701,
CVE-2007-1824, CVE-2007-1825, CVE-2007-1884, CVE-2007-1885,
CVE-2007-1886, CVE-2007-1887, CVE-2007-1890<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/21508"
moz-do-not-send="true">21508</a>, <a
href="http://www.securityfocus.com/bid/22496" moz-do-not-send="true">22496</a>,
<a href="http://www.securityfocus.com/bid/22805"
moz-do-not-send="true">22805</a>, <a
href="http://www.securityfocus.com/bid/22806" moz-do-not-send="true">22806</a>,
<a href="http://www.securityfocus.com/bid/22862"
moz-do-not-send="true">22862</a>, <a
href="http://www.securityfocus.com/bid/22922" moz-do-not-send="true">22922</a>,
<a href="http://www.securityfocus.com/bid/23119"
moz-do-not-send="true">23119</a>, <a
href="http://www.securityfocus.com/bid/23120" moz-do-not-send="true">23120</a>,
<a href="http://www.securityfocus.com/bid/23219"
moz-do-not-send="true">23219</a>, <a
href="http://www.securityfocus.com/bid/23233" moz-do-not-send="true">23233</a>,
<a href="http://www.securityfocus.com/bid/23234"
moz-do-not-send="true">23234</a>, <a
href="http://www.securityfocus.com/bid/23235" moz-do-not-send="true">23235</a>,
<a href="http://www.securityfocus.com/bid/23236"
moz-do-not-send="true">23236</a>, <a
href="http://www.securityfocus.com/bid/23237" moz-do-not-send="true">23237</a>,
<a href="http://www.securityfocus.com/bid/23238"
moz-do-not-send="true">23238</a><br>
<br>
<b>Other references: </b><br>
OSVDB:32763, OSVDB:32764, OSVDB:32765, OSVDB:32766, OSVDB:32767,
OSVDB:32768, OSVDB:32776, OSVDB:32781, OSVDB:33269, OSVDB:33933,
OSVDB:33944, OSVDB:33945, OSVDB:33955, OSVDB:33957, OSVDB:33958,
OSVDB:33959, OSVDB:33960, OSVDB:34767</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP &lt; 5.2.4 Multiple
Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple flaws.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2.4. Such versions may be affected by various
issues, including but not limited to several overflows.<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_4.php">http://www.php.net/releases/5_2_4.php</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.4 or later.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=25971"
moz-do-not-send="true">25971</a><br>
<br>
<b>CVE: </b><br>
CVE-2007-2872, CVE-2007-3378, CVE-2007-3806<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/24661"
moz-do-not-send="true">24661</a>, <a
href="http://www.securityfocus.com/bid/24261" moz-do-not-send="true">24261</a>,
<a href="http://www.securityfocus.com/bid/24922"
moz-do-not-send="true">24922</a>, <a
href="http://www.securityfocus.com/bid/25498" moz-do-not-send="true">25498</a><br>
<br>
<b>Other references: </b><br>
OSVDB:36083, OSVDB:36085, OSVDB:36869</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP &lt; 5.2 Multiple
Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple buffer overflows.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2. Such versions may be affected by several buffer
overflows. To exploit these issues, an attacker would need the ability
to upload an arbitrary PHP script on the remote server, or to be able
to manipulate several variables processed by some PHP functions such as
htmlentities().<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_0.php">http://www.php.net/releases/5_2_0.php</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.0 or later.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=31649"
moz-do-not-send="true">31649</a><br>
<br>
<b>CVE: </b><br>
CVE-2006-5465<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/20879"
moz-do-not-send="true">20879</a><br>
<br>
<b>Other references: </b><br>
OSVDB:30178, OSVDB:30179</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP 5 &lt; 5.2.7
Multiple Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple flaws.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2.7. Such versions may be affected by several
security issues : - File truncation can occur when calling
'dba_replace()' with an invalid argument. - There is a buffer overflow
in the bundled PCRE library fixed by 7.8. (CVE-2008-2371) - A buffer
overflow in the 'imageloadfont()' function in 'ext/gd/gd.c' can be
triggered when a specially crafted font is given. (CVE-2008-3658) -
There is a buffer overflow in PHP's internal function 'memnstr()',
which is exposed to userspace as 'explode()'. (CVE-2008-3659) - When
used as a FastCGI module, PHP segfaults when opening a file whose name
contains two dots (eg, 'file..php'). (CVE-2008-3660) - Multiple
directory traversal vulnerabilities in functions such as
'posix_access()', 'chdir()', 'ftok()' may allow a remote attacker to
bypass 'safe_mode' restrictions. (CVE-2008-2665 and CVE-2008-2666). - A
buffer overflow may be triggered when processing long message headers
in 'php_imap.c' due to use of an obsolete API call. (CVE-2008-2829) - A
heap-based buffer overflow may be triggered via a call to
'mb_check_encoding()', part of the 'mbstring' extension.
(CVE-2008-5557) - Missing initialization of 'BG(page_uid)' and
'BG(page_gid)' when PHP is used as an Apache module may allow for
bypassing security restriction due to SAPI 'php_getuid()' overloading.
(CVE-2008-5624) - Incorrect 'php_value' order for Apache configuration
may allow bypassing PHP's 'safe_mode' setting. (CVE-2008-5625) - The
ZipArchive:extractTo() method in the ZipArchive extension fails to
filter directory traversal sequences from file names. (CVE-2008-5658)<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://securityreason.com/achievement_securityalert/57">http://securityreason.com/achievement_securityalert/57</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://securityreason.com/achievement_securityalert/58">http://securityreason.com/achievement_securityalert/58</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://securityreason.com/achievement_securityalert/59">http://securityreason.com/achievement_securityalert/59</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.sektioneins.de/advisories/SE-2008-06.txt">http://www.sektioneins.de/advisories/SE-2008-06.txt</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0238.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0239.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.openwall.com/lists/oss-security/2008/08/08/2">http://www.openwall.com/lists/oss-security/2008/08/08/2</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.openwall.com/lists/oss-security/2008/08/13/8">http://www.openwall.com/lists/oss-security/2008/08/13/8</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0433.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0089.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://bugs.php.net/bug.php?id=42862">http://bugs.php.net/bug.php?id=42862</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://bugs.php.net/bug.php?id=45151">http://bugs.php.net/bug.php?id=45151</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://bugs.php.net/bug.php?id=45722">http://bugs.php.net/bug.php?id=45722</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_7.php">http://www.php.net/releases/5_2_7.php</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/ChageLog-5.php#5.2.7">http://www.php.net/ChageLog-5.php#5.2.7</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.8 or later. Note that 5.2.7 was been removed
from distribution because of a regression in that version that results
in the 'magic_quotes_gpc' setting remaining off even if it was set to
on.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=35043"
moz-do-not-send="true">35043</a><br>
<br>
<b>CVE: </b><br>
CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829,
CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557,
CVE-2008-5624, CVE-2008-5625, CVE-2008-5658<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/29796"
moz-do-not-send="true">29796</a>, <a
href="http://www.securityfocus.com/bid/29797" moz-do-not-send="true">29797</a>,
<a href="http://www.securityfocus.com/bid/29829"
moz-do-not-send="true">29829</a>, <a
href="http://www.securityfocus.com/bid/30087" moz-do-not-send="true">30087</a>,
<a href="http://www.securityfocus.com/bid/30649"
moz-do-not-send="true">30649</a>, <a
href="http://www.securityfocus.com/bid/31612" moz-do-not-send="true">31612</a>,
<a href="http://www.securityfocus.com/bid/32383"
moz-do-not-send="true">32383</a>, <a
href="http://www.securityfocus.com/bid/32625" moz-do-not-send="true">32625</a>,
<a href="http://www.securityfocus.com/bid/32688"
moz-do-not-send="true">32688</a>, <a
href="http://www.securityfocus.com/bid/32948" moz-do-not-send="true">32948</a><br>
<br>
<b>Other references: </b><br>
OSVDB:46584, OSVDB:46638, OSVDB:46639, OSVDB:46641, OSVDB:46690,
OSVDB:47796, OSVDB:47797, OSVDB:47798, OSVDB:50480, OSVDB:51477,
OSVDB:52205, OSVDB:52206, OSVDB:52207</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="2" cellspacing="0"
width="70%">
<tbody>
<tr class="plugin_sev_high">
      <td class="plugin_label" align="left">PHP &lt; 5.2.6 Multiple
Vulnerabilities</td>
</tr>
<tr class="info_bg">
<td class="info_text" colspan="2">
<div class="plugin_output"><br>
<b>Synopsis:</b><br>
The remote web server uses a version of PHP that is affected by
multiple flaws.<br>
<br>
<b>Description:</b><br>
According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues : - A stack buffer overflow in FastCGI SAPI. - An
integer overflow in printf(). - An security issue arising from improper
calculation of the length of PATH_TRANSLATED in cgi_main.c. - A
safe_mode bypass in cURL. - Incomplete handling of multibyte chars
inside escapeshellcmd(). - Issues in the bundled PCRE fixed by version
7.6.<br>
<br>
<b>Risk factor:</b><br>
High<br>
<br>
<b>CVSS Base Score:</b>7.5<br>
CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html">http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html">http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html</a><br>
<br>
<b>See also:</b><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.php.net/releases/5_2_6.php">http://www.php.net/releases/5_2_6.php</a><br>
<br>
<b>Solution:</b><br>
Upgrade to PHP version 5.2.6 or later.<br>
<br>
<b>Plugin output:</b><br>
PHP version 5.1.6 appears to be running on the remote host based on the
following X-Powered-By response header : X-Powered-By: PHP/5.1.6 <br>
<br>
<b>Plugin ID:</b><br>
<a
href="http://www.nessus.org/plugins/index.php?view=single&id=32123"
moz-do-not-send="true">32123</a><br>
<br>
<b>CVE: </b><br>
CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050,
CVE-2008-2051<br>
<br>
<b>BID: </b><br>
<a href="http://www.securityfocus.com/bid/27413"
moz-do-not-send="true">27413</a>, <a
href="http://www.securityfocus.com/bid/28392" moz-do-not-send="true">28392</a>,
<a href="http://www.securityfocus.com/bid/29009"
moz-do-not-send="true">29009</a><br>
<br>
<b>Other references: </b><br>
OSVDB:43219, OSVDB:44057, OSVDB:44906, OSVDB:44907, OSVDB:44908,
Secunia:30048</div>
</td>
</tr>
</tbody>
</table>
</span></div>
<div><span class="823452818-18082010"></span> </div>
<!-- Converted from text/plain format -->
<p><font size="2">BRIAN M. DUNCAN<br>
Data Security Administrator<br>
Katten Muchin Rosenman LLP<br>
525 W. Monroe Street / Chicago, IL 60661-3693<br>
p / (312) 577-8045 f / (312) 577-4490<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:brian.duncan@kattenlaw.com">brian.duncan@kattenlaw.com</a>
/ <a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.kattenlaw.com">www.kattenlaw.com</a><br>
</font></p>
<pre wrap=""><hr size="4" width="90%">
_______________________________________________
ZendTo mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<center><span
style="font-weight: bold; font-family: Verdana,sans-serif;">Ing.
Sergio Rabellino<br>
</span><br>
<span style="font-family: Verdana,sans-serif;">Università degli Studi
di Torino<br>
Dipartimento di Informatica<br>
ICT Services Director<br>
Tel +39-0116706701 Fax +39-011751603<br>
C.so Svizzera , 185 - 10149 - Torino<br>
<br>
</span></center>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<center><span
style="font-family: Verdana,sans-serif; font-weight: bold;">
Ing. Sergio Rabellino<br>
</span>
<br>
<span style="font-family: Verdana,sans-serif;">
Università degli Studi di Torino<br>
Dipartimento di Informatica<br>
ICT Services Director<br>
Tel +39-0116706701
Fax +39-011751603<br>
C.so Svizzera , 185 - 10149 - Torino<br>
<br>
</span></center>
</div>
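<p>Added example, not part of the original thread or of ZendTo: a small triage pass over scan findings like the ones quoted above, showing that the "HIGH" alerts all rest on one observation (the X-Powered-By banner) rather than on a tested flaw. The report layout, the function names and the EXAMPLE-1 finding are constructed for illustration; the plugin IDs, banner and CVE ids are copied from three of the six quoted findings.</p>

```python
import re
from collections import defaultdict

# Constructed input: three of the six HIGH findings quoted in this thread, reduced
# to the fields the triage needs, plus one made-up finding (EXAMPLE-1) that carries
# its own evidence, for contrast.
REPORT = """\
Plugin ID: 28181
Description: According to its banner, the version of PHP installed on the remote host is older than 5.2.5.
Plugin output: X-Powered-By: PHP/5.1.6
CVE: CVE-2007-4887, CVE-2007-5898, CVE-2007-5900

Plugin ID: 25971
Description: According to its banner, the version of PHP installed on the remote host is older than 5.2.4.
Plugin output: X-Powered-By: PHP/5.1.6
CVE: CVE-2007-2872, CVE-2007-3378, CVE-2007-3806

Plugin ID: 31649
Description: According to its banner, the version of PHP installed on the remote host is older than 5.2.
Plugin output: X-Powered-By: PHP/5.1.6
CVE: CVE-2006-5465

Plugin ID: EXAMPLE-1
Description: A test request returned a directory index.
Plugin output: GET /files/ returned an index page
CVE: none
"""

BANNER_RE = re.compile(r"X-Powered-By:\s*(PHP/[\w.]+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_findings(report):
    """Split a 'Field: value' report into one dict per blank-line-separated finding."""
    findings = []
    for block in report.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            fields[key.strip()] = value.strip()
        findings.append(fields)
    return findings


def banner_evidence(finding):
    """Return the banner string if the finding rests only on a version banner, else None."""
    says_banner = finding.get("Description", "").startswith("According to its banner")
    match = BANNER_RE.search(finding.get("Plugin output", ""))
    if says_banner and match:
        return match.group(1)
    return None


def triage(findings):
    """Group banner-inferred findings by the single observation behind them.

    Returns (inferred, tested): inferred maps each banner to the plugin IDs and
    CVE ids that were derived from it; tested lists plugin IDs with other evidence.
    """
    inferred = defaultdict(lambda: {"plugins": [], "cves": set()})
    tested = []
    for finding in findings:
        banner = banner_evidence(finding)
        if banner is None:
            tested.append(finding["Plugin ID"])
            continue
        inferred[banner]["plugins"].append(finding["Plugin ID"])
        inferred[banner]["cves"].update(CVE_RE.findall(finding.get("CVE", "")))
    return dict(inferred), tested


if __name__ == "__main__":
    inferred, tested = triage(parse_findings(REPORT))
    for banner, group in inferred.items():
        print(banner, "is the only evidence for plugins", group["plugins"])
        print("  CVEs to verify against the installed package:", sorted(group["cves"]))
    print("findings with their own evidence:", tested)
```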
</body>
</html>