FreeBSD : pear-XML_RPC -- remote PHP code injection vulnerability (e65ad1bf-0d8b-11da-90d0-00304823c0d3)

medium Nessus Plugin ID 21527

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Hardened-PHP Project Security Advisory reports :

When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code.

This new injection vulnerability is cause by not properly handling the situation, when certain XML tags are nested in the parsed document, that were never meant to be nested at all. This can be easily exploited in a way, that user-input is placed outside of string delimiters within the evaluation string, which obviously results in arbitrary code execution.

Note that several applications contains an embedded version on XML_RPC, therefor making them the vulnerable to the same code injection vulnerability.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?7c00f82b

http://www.nessus.org/u?2e38c06a

https://www.drupal.org/files/sa-2005-004/advisory.txt

http://www.nessus.org/u?1e750214

http://www.hardened-php.net/advisory_142005.66.html

http://www.hardened-php.net/advisory_152005.67.html

https://www.phpmyfaq.de/news/15

http://www.nessus.org/u?ce1ba80d

Plugin Details

Severity: Medium

ID: 21527

File Name: freebsd_pkg_e65ad1bf0d8b11da90d000304823c0d3.nasl

Version: 1.15

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:b2evolution, p-cpe:/a:freebsd:freebsd:drupal, p-cpe:/a:freebsd:freebsd:egroupware, p-cpe:/a:freebsd:freebsd:pear-xml_rpc, p-cpe:/a:freebsd:freebsd:phpadsnew, p-cpe:/a:freebsd:freebsd:phpgroupware, p-cpe:/a:freebsd:freebsd:phpmyfaq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/15/2005

Vulnerability Publication Date: 8/15/2005

Reference Information

CVE: CVE-2005-2498