SecurityLex.Org

Your search for "25101" returned:
Nessus Plugin ID: 25101
Name: Fedora 5 2007-455
CVE References: CVE-2006-4812, CVE-2006-5465, CVE-2007-0455, CVE-2007-0907, CVE-2007-0988, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718
SANS/FBI TOP20 Reference:
Group/Family: Fedora Local Security Checks
Risk: Critical
Description:

Synopsis :

The remote host is missing the patch for the advisory FEDORA-2007-455.

Description :

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap-based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455)

Solution :

Update the affected package(s) using, for example, 'yum update'.

CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Created: 2007-05-02 17:10:41
Last Changed: 2010-07-20 18:40:46