| nessus
via4
|
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_TKIMG-5328.NASL | | description | This update fixes two vulnerabilities while parsing GIF images.
(CVE-2008-0553, CVE-2006-4484) | | last seen | 2018-09-01 | | modified | 2018-07-19 | | plugin id | 33123 | | published | 2008-06-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=33123 | | title | openSUSE 10 Security Update : tkimg (tkimg-5328) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_TKIMG-5320.NASL | | description | This update fixes two vulnerabilities while parsing GIF images.
(CVE-2008-0553, CVE-2006-4484) | | last seen | 2018-09-01 | | modified | 2014-06-13 | | plugin id | 33122 | | published | 2008-06-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=33122 | | title | openSUSE 10 Security Update : tkimg (tkimg-5320) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2006-0730.NASL | | description | Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.
From Red Hat Security Advisory 2006:0730 :
The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user.
(CVE-2006-5465)
From Red Hat Security Advisory 2006:0669 :
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486) | | last seen | 2019-02-21 | | modified | 2018-08-13 | | plugin id | 67421 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67421 | | title | Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-162.NASL | | description | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).
Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.
Updated packages have been patched to correct these issues. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 23906 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23906 | | title | Mandrake Linux Security Advisory : php (MDKSA-2006:162) |
| NASL family | CGI abuses | | NASL id | PHP_5_1_5.NASL | | description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities :
- The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions.
(CVE-2006-1017)
- A buffer overflow exists in the sscanf function.
(CVE-2006-4020)
- The file_exists and imap_reopen functions do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. (CVE-2006-4481)
- Multiple heap-based buffer overflows exist in the str_repeat and wordwrap functions in ext/standard/string.c. (CVE-2006-4482)
- The cURL extension files permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions. (CVE-2006-4483)
- A buffer overflow vulnerability exists in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension. (CVE-2006-4484)
- The stripos function is affected by an out-of-bounds read. (CVE-2006-4485) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 17713 | | published | 2011-11-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=17713 | | title | PHP 5.1.x < 5.1.5 Multiple Vulnerabilities |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_EA09C5DF436211DB81E1000E0C2E438A.NASL | | description | The PHP development team reports :
- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system. | | last seen | 2019-02-21 | | modified | 2018-12-19 | | plugin id | 22343 | | published | 2006-09-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22343 | | title | FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SDL_IMAGE-4956.NASL | | description | Specially crafted GIF files could crash the SDL_image library (CVE-2006-4484). | | last seen | 2019-02-21 | | modified | 2014-06-13 | | plugin id | 30141 | | published | 2008-02-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=30141 | | title | openSUSE 10 Security Update : SDL_image (SDL_image-4956) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PERL-TK-5035.NASL | | description | Specially crafted GIF files could crash perl-Tk (CVE-2006-4484). | | last seen | 2018-09-01 | | modified | 2014-06-13 | | plugin id | 31340 | | published | 2008-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31340 | | title | openSUSE 10 Security Update : perl-Tk (perl-Tk-5035) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PERL-TK-5034.NASL | | description | Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484) | | last seen | 2018-09-02 | | modified | 2012-05-17 | | plugin id | 31339 | | published | 2008-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31339 | | title | SuSE 10 Security Update : perl-Tk (ZYPP Patch Number 5034) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2006-0669.NASL | | description | Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 22423 | | published | 2006-09-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22423 | | title | CentOS 3 / 4 : php (CESA-2006:0669) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-342-1.NASL | | description | The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application's privileges. (CVE-2006-4020)
The file_exists() and imap_reopen() functions did not perform proper open_basedir and safe_mode checks which could allow local scripts to bypass intended restrictions. (CVE-2006-4481)
On 64 bit systems the str_repeat() and wordwrap() functions did not properly check buffer boundaries. Depending on the application, this could potentially be exploited to execute arbitrary code with the applications' privileges. This only affects the amd64 and sparc platforms. (CVE-2006-4482)
A buffer overflow was discovered in the LWZReadByte_() function of the GIF image file parser. By tricking a PHP application into processing a specially crafted GIF image, a remote attacker could exploit this to execute arbitrary code with the application's privileges.
(CVE-2006-4484).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 27921 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27921 | | title | Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-342-1) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2008-0146.NASL | | description | Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 31306 | | published | 2008-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31306 | | title | RHEL 4 / 5 : gd (RHSA-2008:0146) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2008-0146.NASL | | description | Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 31310 | | published | 2008-02-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31310 | | title | CentOS 4 / 5 : gd (CESA-2008:0146) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2006-0669.NASL | | description | Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the 'memory_limit' setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption. | | last seen | 2019-02-21 | | modified | 2018-11-16 | | plugin id | 22443 | | published | 2006-09-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22443 | | title | RHEL 3 / 4 : php (RHSA-2006:0669) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2008-0146.NASL | | description | From Red Hat Security Advisory 2008:0146 :
Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 67657 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67657 | | title | Oracle Linux 4 / 5 : gd (ELSA-2008-0146) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2008-038.NASL | | description | Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD prior to 2.0.34 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
This was originally fixed in PHP's embedded GD with MDKSA-2006:162;
patches had not been applied to the system libgd at that time.
The updated packages have been patched to correct this issue. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 37016 | | published | 2009-04-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=37016 | | title | Mandriva Linux Security Advisory : gd (MDVSA-2008:038) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20080228_GD_ON_SL4_X.NASL | | description | Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) | | last seen | 2019-02-21 | | modified | 2019-01-07 | | plugin id | 60367 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=60367 | | title | Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64 |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE9_12093.NASL | | description | Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484) | | last seen | 2018-09-02 | | modified | 2012-04-23 | | plugin id | 41199 | | published | 2009-09-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=41199 | | title | SuSE9 Security Update : perl-Tk (YOU Patch Number 12093) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2008-077.NASL | | description | A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image).
The updated packages have been patched to correct this issue. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 36248 | | published | 2009-04-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=36248 | | title | Mandriva Linux Security Advisory : perl-Tk (MDVSA-2008:077) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2008-1643.NASL | | description | Rebuilt to utilize system gd instead of internal copy.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2015-10-21 | | plugin id | 31079 | | published | 2008-02-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31079 | | title | Fedora 7 : graphviz-2.12-10.fc7 (2008-1643) |
|
