Test ID:	1.3.6.1.4.1.25623.1.0.50837
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2002:059 (php)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php announced via advisory MDKSA-2002:059. A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these packages, execute service httpd restart as root in order to close the hole immediately. Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:059 http://online.securityfocus.com/archive/1/194425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 2954 Common Vulnerability Exposure (CVE) ID: CVE-2001-1246 http://www.securityfocus.com/bid/2954 Bugtraq: 20010630 php breaks safe mode (Google Search) http://online.securityfocus.com/archive/1/194425 http://www.redhat.com/support/errata/RHSA-2002-102.html http://www.redhat.com/support/errata/RHSA-2002-129.html http://www.redhat.com/support/errata/RHSA-2003-159.html http://www.iss.net/security_center/static/6787.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.