Hi,

I just recently had a nessus scan pickup an outdated php version. I updated the php version and now I can do php -v and it says 5.2.6 which is the version nessus suggests. I also did a updatedb. Then I scanned with Nessus again. This is the message it gives:

PHP < 5.2.6 Multiple Vulnerabilities

Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.6. Such versions may be affected by the
following issues :

- A stack buffer overflow in FastCGI SAPI.

- An integer overflow in printf().

- An security issue arising from improper calculation
of the length of PATH_TRANSLATED in cgi_main.c.

- A safe_mode bypass in cURL.

- Incomplete handling of multibyte chars inside
escapeshellcmd().

- Issues in the bundled PCRE fixed by version 7.6.

See also :

http://archives.neohapsis.com/archiv...8-05/0103.html
http://archives.neohapsis.com/archiv...8-05/0107.html
http://www.php.net/releases/5_2_6.php

Solution :

Upgrade to PHP version 5.2.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin output :

PHP version PHP/5.1.6 appears to be running on the remote host
based on the following Server response header :

Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b mod_jk/1.2.15 PHP/5.1.6

CVE : CVE-2007-4850, CVE-2008-0599, CVE-2008-2050, CVE-2008-2051
BID : 27413, 29009
Other references : OSVDB:43219, Secunia:30048

Nessus ID : 32123

................................

THEN UNDERNEATH IT GIVES THIS MESSAGE:


PHP < 5.2.5 Multiple Vulnerabilities

Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP installed on the remote
host is older than 5.2.5. Such versions may be affected by various
issues, including but not limited to several buffer overflows.

See also :

http://www.php.net/releases/5_2_5.php

Solution :

Upgrade to PHP version 5.2.5 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-4887, CVE-2007-5898, CVE-2007-5900
BID : 26403
Other references : OSVDB:38680, OSVDB:38681, OSVDB:38682, OSVDB:38683, OSVDB:38684, OSVDB:38685

Nessus ID : 28181
..................................

The versions that it complains about us having go down to 5.2 We used to have 5.1.4 installed on the server I'm scanning. Anybody know what's going on?

I also restarted apache and restarted the whole server.

Thanks so much, this forum is so helpful,
Jackie

I don't know what's wrong with Nessus (ever tried OpenVAS?) but I'd argue that if you can netcat or telnet in to check headers visually to determine you're really running PHP-5.2.6, then the remarks about any lower version could be discarded as mooted, right?