Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.DEBIAN_DSA-708.NASL
HistoryApr 15, 2005 - 12:00 a.m.

Debian DSA-708-1 : php3 - missing input sanitising

2005-04-1500:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.076 Low

EPSS

Percentile

94.2%

JSON

An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-708. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(18053);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-0525");
  script_xref(name:"DSA", value:"708");

  script_name(english:"Debian DSA-708-1 : php3 - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An iDEFENSE researcher discovered two problems in the image processing
functions of PHP, a server-side, HTML-embedded scripting language, of
which one is present in PHP3 as well. When reading a JPEG image, PHP
can be tricked into an endless loop due to insufficient input
validation."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-708"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the php3 package.

For the stable distribution (woody) this problem has been fixed in
version 3.0.18-23.1woody3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/15");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"php3", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-gd", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-imap", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-ldap", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-magick", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-mhash", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-mysql", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-snmp", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-cgi-xml", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-dev", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-doc", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-gd", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-imap", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-ldap", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-magick", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-mhash", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-mysql", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-snmp", reference:"3.0.18-23.1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"php3-xml", reference:"3.0.18-23.1woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxphp3p-cpe:/a:debian:debian_linux:php3
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

Related

openvas 15
cve 1
ubuntucve 1
debian 4
cvelist 1
osv 1
nvd 1
nessus 11
securityvulns 1
ubuntu 1
suse 1
gentoo 1
redhat 2
centos 2
openvas
openvas
Debian: Security Advisory (DSA-729-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 708-1 (php3)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-708-1)
2008-01-17 00:00:00
cve
cve
CVE-2005-0525
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0525
2005-05-02 00:00:00
debian
debian
[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service
2005-05-26 11:27:49
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service
2005-04-15 10:42:29
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service
2005-04-15 10:42:29
cvelist
cvelist
CVE-2005-0525
2005-04-03 05:00:00
osv
osv
php3 - missing input sanitising
2005-04-15 00:00:00
nvd
nvd
CVE-2005-0525
2005-05-02 04:00:00
nessus
nessus
Debian DSA-729-1 : php4 - missing input sanitising
2005-06-17 00:00:00
SUSE-SA:2005:023: php4, php5
2005-04-15 00:00:00
PHP Multiple Image Processing Functions File Handling DoS
2005-04-02 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities
2005-04-01 00:00:00
ubuntu
ubuntu
PHP4 vulnerabilities
2005-04-05 00:00:00
suse
suse
remote denial of service in php4, php5
2005-04-15 09:47:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2005-04-18 00:00:00
redhat
redhat
(RHSA-2005:405) PHP security update
2005-04-28 00:00:00
(RHSA-2005:406) PHP security update
2005-05-04 00:00:00
centos
centos
php security update
2005-04-28 22:58:33
php security update
2005-05-04 17:39:54

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.076 Low

EPSS

Percentile

94.2%

JSON
Related for DEBIAN_DSA-708.NASL
openvas15cve1ubuntucve1debian4cvelist1osv1nvd1nessus11securityvulns1ubuntu1suse1gentoo1redhat2centos2