SecurityLex.Org
Your search for "23655" returned:
| Nessus Plugin ID: 23655 | Name: [DSA1206] DSA-1206-1 php4 |
| CVE References: CVE-2006-5465 (cve.mitre.org, nvd.nist.gov)  CVE-2005-3353 (cve.mitre.org, nvd.nist.gov)  CVE-2006-3017 (cve.mitre.org, nvd.nist.gov)  CVE-2006-4482 (cve.mitre.org, nvd.nist.gov)  |
| SANS/FBI TOP20 Reference: |
| Group/Family: Debian Local Security Checks |
| Risk: High |
Description:
Synopsis :
The remote host is missing the DSA-1206 security update
Description :
Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2005-3353
Tim Starling discovered that missing input sanitising in the EXIF
module could lead to denial of service.
CVE-2006-3017
Stefan Esser discovered a security-critical programming error in the
hashtable implementation of the internal Zend engine.
CVE-2006-4482
It was discovered that the str_repeat() and wordwrap() functions perform
insufficient checks for buffer boundaries on 64 bit systems, which
might lead to the execution of arbitrary code.
CVE-2006-5465
Stefan Esser discovered a buffer overflow in the htmlspecialchars()
and htmlentities() functions, which might lead to the execution of
arbitrary code.
For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-18. Builds for hppa and m68k will be provided later
once they are available.
See also :
http://www.debian.org/security/2006/dsa-1206
Solution :
The Debian project recommends that you upgrade your php4 packages.
CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Created: 2007-08-29 02:23:44 | Last Changed: 2009-08-01 09:04:03 |