Test ID:	1.3.6.1.4.1.25623.1.0.53498
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-669-1)
Summary:	The remote host is missing an update for the Debian 'php3' package(s) announced via the DSA-669-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php3' package(s) announced via the DSA-669-1 advisory. Vulnerability Insight: Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-0594 The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances. CAN-2004-0595 The strip_tags function does not filter null (0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities. For the stable distribution (woody) these problems have been fixed in version 3.0.18-23.1woody2. For the unstable distribution (sid) these problems have been fixed in version 3.0.18-27. We recommend that you upgrade your php3 packages. Affected Software/OS: 'php3' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0594 BugTraq ID: 10725 http://www.securityfocus.com/bid/10725 Bugtraq: 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108981780109154&w=2 Bugtraq: 20040714 TSSA-2004-013 - php (Google Search) http://marc.info/?l=bugtraq&m=108982983426031&w=2 Bugtraq: 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) (Google Search) http://marc.info/?l=bugtraq&m=109051444105182&w=2 Conectiva Linux advisory: CLA-2004:847 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847 Debian Security Information: DSA-531 (Google Search) http://www.debian.org/security/2004/dsa-531 Debian Security Information: DSA-669 (Google Search) http://www.debian.org/security/2005/dsa-669 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml HPdes Security Advisory: SSRT4777 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10896 http://www.redhat.com/support/errata/RHSA-2004-392.html http://www.redhat.com/support/errata/RHSA-2004-395.html http://www.redhat.com/support/errata/RHSA-2004-405.html http://www.redhat.com/support/errata/RHSA-2005-816.html SuSE Security Announcement: SUSE-SA:2004:021 (Google Search) http://www.novell.com/linux/security/advisories/2004_21_php4.html http://www.trustix.org/errata/2004/0039/ XForce ISS Database: php-memorylimit-code-execution(16693) https://exchange.xforce.ibmcloud.com/vulnerabilities/16693 Common Vulnerability Exposure (CVE) ID: CVE-2004-0595 BugTraq ID: 10724 http://www.securityfocus.com/bid/10724 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619 XForce ISS Database: php-strip-tag-bypass(16692) https://exchange.xforce.ibmcloud.com/vulnerabilities/16692
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.