Test ID:	1.3.6.1.4.1.25623.1.0.63482
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:065 (php4)
Summary:	The remote host is missing an update to php4;announced via advisory MDVSA-2009:065.
Description:	Summary: The remote host is missing an update to php4 announced via advisory MDVSA-2009:065. Vulnerability Insight: A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request (CVE-2007-4850). improve mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c (CVE-2008-5557). PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server (CVE-2009-0754). The updated packages have been patched to correct these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4850 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 27413 http://www.securityfocus.com/bid/27413 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search) http://www.securityfocus.com/archive/1/486856/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/492671/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.openwall.com/lists/oss-security/2008/05/02/2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30411 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3562 http://securityreason.com/achievement_securityalert/51 http://www.ubuntu.com/usn/usn-628-1 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: php-curlinit-security-bypass(39852) https://exchange.xforce.ibmcloud.com/vulnerabilities/39852 XForce ISS Database: php-safemode-directive-security-bypass(42134) https://exchange.xforce.ibmcloud.com/vulnerabilities/42134 Common Vulnerability Exposure (CVE) ID: CVE-2008-5557 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 32948 http://www.securityfocus.com/bid/32948 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://securitytracker.com/id?1021482 http://secunia.com/advisories/34642 http://secunia.com/advisories/35003 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-multibyte-bo(47525) https://exchange.xforce.ibmcloud.com/vulnerabilities/47525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035 http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34830 http://secunia.com/advisories/35007 https://usn.ubuntu.com/761-1/
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.