Test ID:	1.3.6.1.4.1.25623.1.0.54306
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2004-0066 (samba, php)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2004-0066. samba: From the Samba security advisory: Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. The vulnerability was discovered by Greg MacManus, iDEFENSE Labs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. php: (Taken from the php.net announce:) The PHP Development Team would like to announce the immediate release of PHP 4.3.10 and PHP 5.0.3. These are maintenance releases that in addition to non-critical bug fixes address several very serious security issues. All Users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues: CVE-2004-1018 CVE-2004-1019 CVE-2004-1020 CVE-2004-1063 CVE-2004-1064 CVE-2004-1065 These issues were discovered during development of Hardened-PHP. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0066 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1154 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html BugTraq ID: 11973 http://www.securityfocus.com/bid/11973 CERT/CC vulnerability note: VU#226184 http://www.kb.cert.org/vuls/id/226184 Debian Security Information: DSA-701 (Google Search) http://www.debian.org/security/2005/dsa-701 http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642 http://www.redhat.com/support/errata/RHSA-2005-020.html SCO Security Bulletin: SCOSA-2005.17 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt http://secunia.com/advisories/13453/ http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1 SuSE Security Announcement: SUSE-SA:2004:045 (Google Search) http://www.novell.com/linux/security/advisories/2004_45_samba.html XForce ISS Database: samba-msrpc-heap-corruption(18519) https://exchange.xforce.ibmcloud.com/vulnerabilities/18519 Common Vulnerability Exposure (CVE) ID: CVE-2004-1018 BugTraq ID: 12045 http://www.securityfocus.com/bid/12045 Bugtraq: 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 (Google Search) http://marc.info/?l=bugtraq&m=110314318531298&w=2 Bugtraq: 20041219 PHP shmop.c module permits write of arbitrary memory. (Google Search) http://www.securityfocus.com/archive/1/384920 https://bugzilla.fedora.us/show_bug.cgi?id=2344 HPdes Security Advisory: HPSBMA01212 http://www.securityfocus.com/advisories/9028 http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.hardened-php.net/advisories/012004.txt http://www.osvdb.org/12411 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10949 http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.redhat.com/support/errata/RHSA-2005-816.html https://www.ubuntu.com/usn/usn-99-1/ XForce ISS Database: php-shmopwrite-outofbounds-memory(18515) https://exchange.xforce.ibmcloud.com/vulnerabilities/18515 Common Vulnerability Exposure (CVE) ID: CVE-2004-1019 http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511 http://www.redhat.com/support/errata/RHSA-2004-687.html SuSE Security Announcement: SUSE-SA:2005:002 (Google Search) http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html XForce ISS Database: php-unserialize-code-execution(18514) https://exchange.xforce.ibmcloud.com/vulnerabilities/18514 Common Vulnerability Exposure (CVE) ID: CVE-2004-1020 BugTraq ID: 11981 http://www.securityfocus.com/bid/11981 Bugtraq: 20041216 PHP Input Validation Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/384663 Conectiva Linux advisory: CLA-2005:915 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml XForce ISS Database: php-addslashes-view-files(18516) https://exchange.xforce.ibmcloud.com/vulnerabilities/18516 Common Vulnerability Exposure (CVE) ID: CVE-2004-1063 BugTraq ID: 11964 http://www.securityfocus.com/bid/11964 http://www.securityfocus.com/archive/1/384545 http://www.osvdb.org/12412 XForce ISS Database: php-safemodeexecdir-restriction-bypass(18511) https://exchange.xforce.ibmcloud.com/vulnerabilities/18511 Common Vulnerability Exposure (CVE) ID: CVE-2004-1064 https://www.ubuntu.com/usn/usn-99-2/ XForce ISS Database: php-realpath-safemode-bypass(18512) https://exchange.xforce.ibmcloud.com/vulnerabilities/18512 Common Vulnerability Exposure (CVE) ID: CVE-2004-1065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877 XForce ISS Database: php-exifreaddata-bo(18517) https://exchange.xforce.ibmcloud.com/vulnerabilities/18517
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.