|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDKSA-2006:162 (php)|
|Summary:||Mandrake Security Advisory MDKSA-2006:162 (php)|
The remote host is missing an update to php
announced via advisory MDKSA-2006:162.
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5
do not check for the safe_mode and open_basedir settings, which allows
local users to bypass the settings (CVE-2006-4481).
Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have
an unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.
Updated packages have been patched to correct these issues.
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : Critical
Common Vulnerability Exposure (CVE) ID: CVE-2006-4481|
SuSE Security Announcement: SUSE-SA:2006:052 (Google Search)
BugTraq ID: 19582
Common Vulnerability Exposure (CVE) ID: CVE-2006-4484
Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search)
Bugtraq: 20080206 rPSA-2008-0046-1 gd (Google Search)
Bugtraq: 20080212 FLEA-2008-0007-1 gd (Google Search)
RedHat Security Advisories: RHSA-2006:0688
SGI Security Advisory: 20061001-01-P
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:013 (Google Search)
TurboLinux Advisory: TLSA-2006-38
Common Vulnerability Exposure (CVE) ID: CVE-2006-4485
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 50192 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.