Test ID: 1.3.6.1.4.1.25623.1.0.55517
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-840-1)
Summary: The remote host is missing an update for the Debian 'drupal' package(s) announced via the DSA-840-1 advisory.
Description:

Vulnerability Insight:
Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site. This update pulls in the latest XML-RPC version from upstream.

The old stable distribution (woody) is not affected by this problem since it does not include drupal.

For the stable distribution (sarge) this problem has been fixed in version 4.5.3-4.

For the unstable distribution (sid) this problem has been fixed in version 4.5.5-1.

We recommend that you upgrade your drupal package.

Affected Software/OS:
'drupal' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2498
BID 14560: http://www.securityfocus.com/bid/14560
Secunia 16431: http://secunia.com/advisories/16431
Secunia 16432: http://secunia.com/advisories/16432
Secunia 16441: http://secunia.com/advisories/16441
Secunia 16460: http://secunia.com/advisories/16460
Secunia 16465: http://secunia.com/advisories/16465
Secunia 16468: http://secunia.com/advisories/16468
Secunia 16469: http://secunia.com/advisories/16469
Secunia 16491: http://secunia.com/advisories/16491
Secunia 16550: http://secunia.com/advisories/16550
Secunia 16558: http://secunia.com/advisories/16558
Secunia 16563: http://secunia.com/advisories/16563
Secunia 16619: http://secunia.com/advisories/16619
Secunia 16635: http://secunia.com/advisories/16635
Secunia 16693: http://secunia.com/advisories/16693
Secunia 16976: http://secunia.com/advisories/16976
Secunia 17053: http://secunia.com/advisories/17053
Secunia 17066: http://secunia.com/advisories/17066
Secunia 17440: http://secunia.com/advisories/17440
20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability: http://www.securityfocus.com/archive/1/408125
20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue: http://marc.info/?l=bugtraq&m=112412415822890&w=2
20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities: http://marc.info/?l=bugtraq&m=112431497300344&w=2
DSA-789: http://www.debian.org/security/2005/dsa-789
DSA-798: http://www.debian.org/security/2005/dsa-798
DSA-840: http://www.debian.org/security/2005/dsa-840
DSA-842: http://www.debian.org/security/2005/dsa-842
FLSA:166943: http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
GLSA-200509-19: http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
RHSA-2005:748: http://www.redhat.com/support/errata/RHSA-2005-748.html
SUSE-SA:2005:049: http://www.novell.com/linux/security/advisories/2005_49_php.html
SUSE-SA:2005:051: http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://www.hardened-php.net/advisory_152005.67.html
oval:org.mitre.oval:def:9569: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569
Copyright: Copyright (C) 2008 Greenbone AG