| nessus
via4
|
| NASL family | SuSE Local Security Checks | | NASL id | SUSE9_12093.NASL | | description | Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484) | | last seen | 2018-09-02 | | modified | 2012-04-23 | | plugin id | 41199 | | published | 2009-09-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=41199 | | title | SuSE9 Security Update : perl-Tk (YOU Patch Number 12093) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-162.NASL | | description | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5
do not check for the safe_mode and open_basedir settings, which allows
local users to bypass the settings (CVE-2006-4481).
Buffer overflow in the LWZReadByte function in
ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5
allows remote attackers to have an unknown impact via a GIF file with
input_code_size greater than MAX_LWZ_BITS, which triggers an overflow
when initializing the table array (CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.
Updated packages have been patched to correct these issues. | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 23906 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23906 | | title | Mandrake Linux Security Advisory : php (MDKSA-2006:162) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PERL-TK-5035.NASL | | description | Specially crafted GIF files could crash perl-Tk (CVE-2006-4484). | | last seen | 2018-09-01 | | modified | 2014-06-13 | | plugin id | 31340 | | published | 2008-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31340 | | title | openSUSE 10 Security Update : perl-Tk (perl-Tk-5035) |
| NASL family | CGI abuses | | NASL id | PHP_5_1_5.NASL | | description | According to its banner, the version of PHP 5.x installed on the
remote host is older than 5.1.5. Such versions may be affected by the
following vulnerabilities :
- The c-client library 2000, 2001, or 2004 for PHP does
not check the safe_mode or open_basedir functions.
(CVE-2006-1017)
- A buffer overflow exists in the sscanf function.
(CVE-2006-4020)
- The file_exists and imap_reopen functions do not check
for the safe_mode and open_basedir settings, which
allows local users to bypass the settings.
(CVE-2006-4481)
- Multiple heap-based buffer overflows exist in the
str_repeat and wordwrap functions in
ext/standard/string.c. (CVE-2006-4482)
- The cURL extension files permit the
CURLOPT_FOLLOWLOCATION option when open_basedir or
safe_mode is enabled, which allows attackers to perform
unauthorized actions. (CVE-2006-4483)
- A buffer overflow vulnerability exists in the
LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the
GD extension. (CVE-2006-4484)
- The stripos function is affected by an out-of-bounds
read. (CVE-2006-4485) | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 17713 | | published | 2011-11-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=17713 | | title | PHP 5.1.x < 5.1.5 Multiple Vulnerabilities |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2008-038.NASL | | description | Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD
prior to 2.0.34 allows remote attackers to have an unknown impact via
a GIF file with input_code_size greater than MAX_LWZ_BITS, which
triggers an overflow when initializing the table array.
This was originally fixed in PHP's embedded GD with MDKSA-2006:162;
patches had not been applied to the system libgd at that time.
The updated packages have been patched to correct this issue. | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 37016 | | published | 2009-04-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=37016 | | title | Mandriva Linux Security Advisory : gd (MDVSA-2008:038) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2008-1643.NASL | | description | Rebuilt to utilize system gd instead of internal copy.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-21 | | plugin id | 31079 | | published | 2008-02-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31079 | | title | Fedora 7 : graphviz-2.12-10.fc7 (2008-1643) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2008-077.NASL | | description | A vulnerability in perl-Tk was found where specially crafted GIF
images could crash perl-Tk (an identical issue to that found in
php-gd, gd, and SDL_image).
The updated packages have been patched to correct this issue. | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 36248 | | published | 2009-04-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=36248 | | title | Mandriva Linux Security Advisory : perl-Tk (MDVSA-2008:077) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2006-0669.NASL | | description | Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the
format string, a remote attacker sending a carefully crafted request
could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script
was set up to process GIF images from untrusted sources using the gd
extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also
contain a fix for a bug where certain input strings to the metaphone()
function could cause memory corruption. | | last seen | 2019-01-16 | | modified | 2018-11-16 | | plugin id | 22443 | | published | 2006-09-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22443 | | title | RHEL 3 / 4 : php (RHSA-2006:0669) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2006-0730.NASL | | description | Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain
a fix for a bug where certain input strings to the metaphone() function
could cause memory corruption.
From Red Hat Security Advisory 2006:0730 :
The Hardened-PHP Project discovered an overflow in the PHP
htmlentities() and htmlspecialchars() routines. If a PHP script used
the vulnerable functions to parse UTF-8 data, a remote attacker
sending a carefully crafted request could trigger the overflow and
potentially execute arbitrary code as the 'apache' user.
(CVE-2006-5465)
From Red Hat Security Advisory 2006:0669 :
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the
format string, a remote attacker sending a carefully crafted request
could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script
was set up to process GIF images from untrusted sources using the gd
extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486) | | last seen | 2019-01-16 | | modified | 2018-08-13 | | plugin id | 67421 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67421 | | title | Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PERL-TK-5034.NASL | | description | Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484) | | last seen | 2018-09-02 | | modified | 2012-05-17 | | plugin id | 31339 | | published | 2008-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31339 | | title | SuSE 10 Security Update : perl-Tk (ZYPP Patch Number 5034) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SDL_IMAGE-4956.NASL | | description | Specially crafted GIF files could crash the SDL_image library
(CVE-2006-4484). | | last seen | 2019-01-16 | | modified | 2014-06-13 | | plugin id | 30141 | | published | 2008-02-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=30141 | | title | openSUSE 10 Security Update : SDL_image (SDL_image-4956) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_TKIMG-5328.NASL | | description | This update fixes two vulnerabilities while parsing GIF images.
(CVE-2008-0553, CVE-2006-4484) | | last seen | 2018-09-01 | | modified | 2018-07-19 | | plugin id | 33123 | | published | 2008-06-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=33123 | | title | openSUSE 10 Security Update : tkimg (tkimg-5328) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_TKIMG-5320.NASL | | description | This update fixes two vulnerabilities while parsing GIF images.
(CVE-2008-0553, CVE-2006-4484) | | last seen | 2018-09-01 | | modified | 2014-06-13 | | plugin id | 33122 | | published | 2008-06-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=33122 | | title | openSUSE 10 Security Update : tkimg (tkimg-5320) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-342-1.NASL | | description | The sscanf() function did not properly check array boundaries. In
applications which use sscanf() with argument swapping, a remote
attacker could potentially exploit this to crash the affected web
application or even execute arbitrary code with the application's
privileges. (CVE-2006-4020)
The file_exists() and imap_reopen() functions did not perform proper
open_basedir and safe_mode checks which could allow local scripts to
bypass intended restrictions. (CVE-2006-4481)
On 64 bit systems the str_repeat() and wordwrap() functions did not
properly check buffer boundaries. Depending on the application, this
could potentially be exploited to execute arbitrary code with the
applications' privileges. This only affects the amd64 and sparc
platforms. (CVE-2006-4482)
A buffer overflow was discovered in the LWZReadByte_() function of the
GIF image file parser. By tricking a PHP application into processing a
specially crafted GIF image, a remote attacker could exploit this to
execute arbitrary code with the application's privileges.
(CVE-2006-4484).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 27921 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27921 | | title | Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-342-1) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2006-0669.NASL | | description | Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.
A response-splitting issue was discovered in the PHP session handling.
If a remote attacker can force a carefully crafted session identifier
to be used, a cross-site-scripting or response-splitting attack could
be possible. (CVE-2006-3016)
A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the
format string, a remote attacker sending a carefully crafted request
could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server used
either of these functions on untrusted user data, a remote attacker
sending a carefully crafted request might be able to cause a heap
overflow. (CVE-2006-4482)
A buffer overflow was discovered in the PHP gd extension. If a script
was set up to process GIF images from untrusted sources using the gd
extension, a remote attacker could cause a heap overflow.
(CVE-2006-4484)
An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the 'memory_limit' setting was not
enforced correctly, which could allow a denial of service attack by a
remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also
contain a fix for a bug where certain input strings to the metaphone()
function could cause memory corruption. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 22423 | | published | 2006-09-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22423 | | title | CentOS 3 / 4 : php (CESA-2006:0669) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_EA09C5DF436211DB81E1000E0C2E438A.NASL | | description | The PHP development team reports :
- Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and
with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system. | | last seen | 2019-01-16 | | modified | 2018-12-19 | | plugin id | 22343 | | published | 2006-09-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22343 | | title | FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2008-0146.NASL | | description | Updated gd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic
creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute
code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges
of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated
PNG image could cause an infinite loop in an application using the gd
library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues. | | last seen | 2019-01-16 | | modified | 2018-11-28 | | plugin id | 31310 | | published | 2008-02-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31310 | | title | CentOS 4 / 5 : gd (CESA-2008:0146) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2008-0146.NASL | | description | Updated gd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic
creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute
code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges
of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated
PNG image could cause an infinite loop in an application using the gd
library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues. | | last seen | 2019-01-16 | | modified | 2019-01-02 | | plugin id | 31306 | | published | 2008-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=31306 | | title | RHEL 4 / 5 : gd (RHSA-2008:0146) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2008-0146.NASL | | description | From Red Hat Security Advisory 2008:0146 :
Updated gd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic
creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute
code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges
of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated
PNG image could cause an infinite loop in an application using the gd
library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues. | | last seen | 2019-01-16 | | modified | 2019-01-02 | | plugin id | 67657 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67657 | | title | Oracle Linux 4 / 5 : gd (ELSA-2008-0146) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20080228_GD_ON_SL4_X.NASL | | description | Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute
code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges
of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated
PNG image could cause an infinite loop in an application using the gd
library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473) | | last seen | 2019-01-16 | | modified | 2019-01-07 | | plugin id | 60367 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=60367 | | title | Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64 |
|
