Test ID:	1.3.6.1.4.1.25623.1.0.55137
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:146 (php-pear)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php-pear announced via advisory MDKSA-2005:146. A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache' user. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:146 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 14560 Common Vulnerability Exposure (CVE) ID: CVE-2005-2498 http://www.securityfocus.com/bid/14560 Bugtraq: 20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability (Google Search) http://www.securityfocus.com/archive/1/408125 Bugtraq: 20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue (Google Search) http://marc.info/?l=bugtraq&m=112412415822890&w=2 Bugtraq: 20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=112431497300344&w=2 Debian Security Information: DSA-789 (Google Search) http://www.debian.org/security/2005/dsa-789 Debian Security Information: DSA-798 (Google Search) http://www.debian.org/security/2005/dsa-798 Debian Security Information: DSA-840 (Google Search) http://www.debian.org/security/2005/dsa-840 Debian Security Information: DSA-842 (Google Search) http://www.debian.org/security/2005/dsa-842 http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml http://www.hardened-php.net/advisory_152005.67.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569 http://www.redhat.com/support/errata/RHSA-2005-748.html http://secunia.com/advisories/16431 http://secunia.com/advisories/16432 http://secunia.com/advisories/16441 http://secunia.com/advisories/16460 http://secunia.com/advisories/16465 http://secunia.com/advisories/16468 http://secunia.com/advisories/16469 http://secunia.com/advisories/16491 http://secunia.com/advisories/16550 http://secunia.com/advisories/16558 http://secunia.com/advisories/16563 http://secunia.com/advisories/16619 http://secunia.com/advisories/16635 http://secunia.com/advisories/16693 http://secunia.com/advisories/16976 http://secunia.com/advisories/17053 http://secunia.com/advisories/17066 http://secunia.com/advisories/17440 SuSE Security Announcement: SUSE-SA:2005:049 (Google Search) http://www.novell.com/linux/security/advisories/2005_49_php.html SuSE Security Announcement: SUSE-SA:2005:051 (Google Search) http://marc.info/?l=bugtraq&m=112605112027335&w=2
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.