SecurityLex.Org
  Home My IP SecCon Glossary Vulnerability Tests Sans/FBI Top 20 Top 10 Ipfilter Recent Vulnerabilities Today's news Web Host Check 

VulnTests
SecureScout Testcase
eEye Retina RTH
Nessus Plugin ID
nCircle Sans CVE's
Dragonsoft Vuln ID
CVE Entries
Search CVSS vectors 
CVSS Base score between    and
Access Vector Confidentiality Impact
Access Complexity Integrity Impact
Authentification Availability Impact
Impact Bias

Your search for "29376" returned:
Nessus Plugin ID: 29376Name: SuSE Security Update: Security update for PHP (apache2-mod_php5-2236)
CVE References: CVE-2006-5465 (cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Group/Family: SuSE Local Security Checks
Risk: High
Description: Synopsis :

The remote SuSE system is missing the security patch apache2-mod_php5-2236

Description :

This update fixes the following security problems in the
PHP scripting language:

- CVE-2006-5465: Various buffer overflows in
htmlentities/htmlspecialchars internal routines could be
used to crash the PHP interpreter or potentially execute
code, depending on the PHP application used.

- A missing open_basedir check inside chdir() function was
added.
- A tempnam() openbasedir bypass was fixed.
- A possible buffer overflow in stream_socket_client() when
using 'bindto' + IPv6 was fixed.
- Do not build php5 with --enable-sigchld.

Solution :

Install the apache2-mod_php5-2236 security patch by using 'yast', for example.

/ CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Created: 2007-12-15 16:39:35Last Changed: 2010-07-25 19:39:50
 
 The Complete Lexicon to Security