| Nessus Plugin ID: 24042 | Name: Fedora 5 2006-1168 |
| CVE References: CVE-2006-4812 (cve.mitre.org, nvd.nist.gov)  CVE-2006-5465 (cve.mitre.org, nvd.nist.gov)  |
| SANS/FBI TOP20 Reference: |
| Group/Family: Fedora Local Security Checks |
| Risk: Critical |
Description:
Synopsis :
The remote host is missing the patch for the advisory FEDORA-2006-1168.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
Update Information:
This update fixes a security vulnerability in PHP.
The Hardened-PHP Project discovered an overflow in the PHP
htmlentities() and htmlspecialchars() routines. If a PHP
script used the vulnerable functions to parse UTF-8 data, a
remote attacker sending a carefully crafted request could
trigger the overflow and potentially execute arbitrary code
as the 'apache' user. (CVE-2006-5465)
Solution :
Update the affected package(s) using, for example, 'yum update'.
CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
| Created: 2007-01-23 02:39:46 | Last Changed: 2010-07-14 10:26:09 |