nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2001-013.NASL
HistorySep 06, 2012 - 12:00 a.m.

Mandrake Linux Security Advisory : php (MDKSA-2001:013)

2012-09-0600:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.1%

There are two security problems with php4 as shipped in Linux-Mandrake 7.2. It is possible to specify PHP directives on a per-directory basis under Apache and a remote attacker could carefully craft an HTTP request that would cause the next page to be served with the wrong values for these directives. The second problem is that although PHP may be installed, it can be activated and deactivated on a per-directory or per-virtual host basis using the ‘engine=on’ or ‘engine=off’ directive. PHP can ‘leak’ the ‘engine=off’ setting to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server. These vulnerabilities are corrected in PHP 4.0.4pl1.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:013. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: when `description` is set, the script only declares its
# plugin metadata through the script_* calls below and then exits via exit(0),
# so none of the package checks further down run in this mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(61887);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Two CVE ids are attached to the single vendor advisory MDKSA-2001:013.
  # The description text below covers two problems, but nothing here says
  # which id belongs to which problem.
  script_cve_id("CVE-2001-0108", "CVE-2001-1385");
  script_xref(name:"MDKSA", value:"2001:013");

  script_name(english:"Mandrake Linux Security Advisory : php (MDKSA-2001:013)");
  # The summary states the detection method: the finding is derived from rpm
  # package data. Nothing in this script inspects the Apache/PHP
  # configuration, so a result means "fixed package not installed", not
  # "per-directory directives or engine=off are in use on this host".
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  # Advisory text; per the file header it was extracted from MDKSA-2001:013.
  script_set_attribute(
    attribute:"description", 
    value:
"There are two security problems with php4 as shipped in Linux-Mandrake
7.2. It is possible to specify PHP directives on a per-directory basis
under Apache and a remote attacker could carefully craft an HTTP
request that would cause the next page to be served with the wrong
values for these directives. The second problem is that although PHP
may be installed, it can be activated and deactivated on a per-
directory or per-virtual host basis using the 'engine=on' or
'engine=off' directive. PHP can 'leak' the 'engine=off' setting to
other virtual hosts on the same machine, effectively disabling PHP for
those hosts and resulting in PHP source code being sent to the client
instead of being executed on the server. These vulnerabilities are
corrected in PHP 4.0.4pl1."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # partial confidentiality impact only (I:N, A:N). That matches the source
  # disclosure described above.
  # NOTE(review): the vector does not score the "wrong directive values"
  # problem beyond confidentiality; its real effect depends on which
  # directives a site sets per directory - assess locally.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  # "local" plugin type; together with the required KB keys below this
  # indicates the check works from host data already gathered (the rpm
  # list) rather than from a probe of the web server.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One CPE per package named in the rpm_check() calls of the main body,
  # followed by the CPE of the affected OS release (Mandrake Linux 7.2).
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-dba_gdbm_db2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:php-readline");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");

  # The vendor fix dates from 2001; the plugin itself was published in 2012.
  script_set_attribute(attribute:"patch_publication_date", value:"2001/01/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* KB entries
  # required below - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  # The same four KB keys are read again by the main body before any
  # rpm_check() call is made.
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  # Leave registration mode without running the checks.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


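# Preconditions for the local package check. Each failed precondition is
# handed to audit() (from audit.inc, not shown here) with a reason code; the
# lines that follow are written on the assumption that audit() does not
# return, e.g. `cpu` is matched against a pattern right after the isnull test.
#
# The product name passed with AUDIT_OS_NOT previously read "Mandake"; it now
# matches the spelling used in the architecture message below, so audit
# output can be searched with a single string.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86-family hosts are evaluated. The pattern is anchored at both ends,
# so the whole KB value has to be one of the listed architecture names.
# NOTE(review): amd64/x86_64 pass this gate while every rpm_check() call in
# this script passes cpu:"i386"; how rpm.inc treats that combination is not
# visible here - confirm before relying on results from 64-bit hosts.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);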


# Fixed package builds published with MDKSA-2001:013 for Mandrake 7.2.
# Every entry is passed to rpm_check() as the reference version; a true
# result is counted as one package that still needs the update.
fixed_builds = make_list(
  "mod_php-4.0.4pl1-1.1mdk",
  "php-4.0.4pl1-1.1mdk",
  "php-dba_gdbm_db2-4.0.4pl1-1.1mdk",
  "php-devel-4.0.4pl1-1.1mdk",
  "php-gd-4.0.4pl1-1.1mdk",
  "php-imap-4.0.4pl1-1.1mdk",
  "php-ldap-4.0.4pl1-1.1mdk",
  "php-manual-4.0.4pl1-1.1mdk",
  "php-mysql-4.0.4pl1-1.1mdk",
  "php-pgsql-4.0.4pl1-1.1mdk",
  "php-readline-4.0.4pl1-1.1mdk"
);

# All packages are checked, in the listed order, even after the first hit,
# so the report text can name each outdated package.
outdated = 0;
foreach fixed_build (fixed_builds)
{
  if (rpm_check(release:"MDK7.2", cpu:"i386", reference:fixed_build, yank:"mdk")) outdated++;
}


# Report a warning when at least one package is behind the fixed build;
# otherwise record the host as not affected. The detailed rpm report is
# attached only when report_verbosity is above zero.
if (outdated)
{
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, "affected");
}
Vendor | Product | Version | CPE
mandriva | linux | mod_php | p-cpe:/a:mandriva:linux:mod_php
mandriva | linux | php | p-cpe:/a:mandriva:linux:php
mandriva | linux | php-dba_gdbm_db2 | p-cpe:/a:mandriva:linux:php-dba_gdbm_db2
mandriva | linux | php-devel | p-cpe:/a:mandriva:linux:php-devel
mandriva | linux | php-gd | p-cpe:/a:mandriva:linux:php-gd
mandriva | linux | php-imap | p-cpe:/a:mandriva:linux:php-imap
mandriva | linux | php-ldap | p-cpe:/a:mandriva:linux:php-ldap
mandriva | linux | php-manual | p-cpe:/a:mandriva:linux:php-manual
mandriva | linux | php-mysql | p-cpe:/a:mandriva:linux:php-mysql
mandriva | linux | php-pgsql | p-cpe:/a:mandriva:linux:php-pgsql

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.1%
