Test ID:	1.3.6.1.4.1.25623.1.0.55857
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200511-08 (PHP)
Summary:	The remote host is missing updates announced in;advisory GLSA 200511-08.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200511-08. Vulnerability Insight: PHP suffers from multiple issues, resulting in security functions bypass, local Denial of service, cross-site scripting or PHP variables overwrite. Solution: All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/mod_php All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php-cgi CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3054 BugTraq ID: 14957 http://www.securityfocus.com/bid/14957 http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 http://secunia.com/advisories/17229 http://secunia.com/advisories/17371 http://secunia.com/advisories/17510 http://secunia.com/advisories/17557 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html https://usn.ubuntu.com/207-1/ http://www.vupen.com/english/advisories/2005/1862 http://www.vupen.com/english/advisories/2005/2254 Common Vulnerability Exposure (CVE) ID: CVE-2005-3319 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html BugTraq ID: 15177 http://www.securityfocus.com/bid/15177 BugTraq ID: 16907 http://www.securityfocus.com/bid/16907 Bugtraq: 20051024 php < 4.4.1 htaccess apache dos (Google Search) http://marc.info/?l=bugtraq&m=113019286208204&w=2 Cert/CC Advisory: TA06-062A http://www.us-cert.gov/cas/techalerts/TA06-062A.html http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0491.html HPdes Security Advisory: HPSBMA02159 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 HPdes Security Advisory: SSRT061238 http://www.osvdb.org/20491 http://secunia.com/advisories/18198 http://secunia.com/advisories/19064 http://secunia.com/advisories/22691 http://securityreason.com/securityalert/525 https://www.ubuntu.com/usn/usn-232-1/ http://www.vupen.com/english/advisories/2006/0791 http://www.vupen.com/english/advisories/2006/4320 XForce ISS Database: php-htaccess-dos(22844) https://exchange.xforce.ibmcloud.com/vulnerabilities/22844 Common Vulnerability Exposure (CVE) ID: CVE-2005-3388 BugTraq ID: 15248 http://www.securityfocus.com/bid/15248 Bugtraq: 20051031 Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() (Google Search) http://www.securityfocus.com/archive/1/415292 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/ http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html http://www.hardened-php.net/advisory_182005.77.html http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542 http://www.redhat.com/support/errata/RHSA-2005-831.html http://www.redhat.com/support/errata/RHSA-2005-838.html RedHat Security Advisories: RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://securitytracker.com/id?1015130 http://secunia.com/advisories/17490 http://secunia.com/advisories/17531 http://secunia.com/advisories/17559 http://secunia.com/advisories/18669 http://secunia.com/advisories/21252 http://securityreason.com/securityalert/133 SuSE Security Announcement: SUSE-SR:2005:026 (Google Search) SuSE Security Announcement: SUSE-SR:2005:027 (Google Search) http://www.novell.com/linux/security/advisories/2005_27_sr.html TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt Common Vulnerability Exposure (CVE) ID: CVE-2005-3389 BugTraq ID: 15249 http://www.securityfocus.com/bid/15249 Bugtraq: 20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() (Google Search) http://www.securityfocus.com/archive/1/415291 http://www.hardened-php.net/advisory_192005.78.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11481 http://securitytracker.com/id?1015131 http://secunia.com/advisories/18054 http://securityreason.com/securityalert/134 SuSE Security Announcement: SUSE-SA:2005:069 (Google Search) http://www.securityfocus.com/archive/1/419504/100/0/threaded Common Vulnerability Exposure (CVE) ID: CVE-2005-3390 BugTraq ID: 15250 http://www.securityfocus.com/bid/15250 Bugtraq: 20051031 Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability (Google Search) http://www.securityfocus.com/archive/1/415290/30/0/threaded http://www.hardened-php.net/advisory_202005.79.html http://www.hardened-php.net/globals-problem https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537 http://securitytracker.com/id?1015129 http://securityreason.com/securityalert/132 Common Vulnerability Exposure (CVE) ID: CVE-2005-3391 BugTraq ID: 15411 http://www.securityfocus.com/bid/15411 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035 http://www.osvdb.org/20898 http://secunia.com/advisories/18763 Common Vulnerability Exposure (CVE) ID: CVE-2005-3392 BugTraq ID: 15413 http://www.securityfocus.com/bid/15413 http://www.osvdb.org/20897 XForce ISS Database: php-virtual-bypass-security(22924) https://exchange.xforce.ibmcloud.com/vulnerabilities/22924
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.