Test ID:	1.3.6.1.4.1.25623.1.0.55877
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-897-1)
Summary:	The remote host is missing an update for the Debian 'phpsysinfo' package(s) announced via the DSA-897-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'phpsysinfo' package(s) announced via the DSA-897-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724. CVE-2005-3347 Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files. CVE-2005-3348 Christopher Kunz discovered that user-supplied input is used unsanitised, causing a HTTP Response splitting problem. For the old stable distribution (woody) these problems have been fixed in version 2.0-3woody3. For the stable distribution (sarge) these problems have been fixed in version 2.3-4sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your phpsysinfo package. Affected Software/OS: 'phpsysinfo' package(s) on Debian 3.0, Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0870 BugTraq ID: 12887 http://www.securityfocus.com/bid/12887 BugTraq ID: 15414 http://www.securityfocus.com/bid/15414 Bugtraq: 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111161017209422&w=2 Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search) http://www.securityfocus.com/archive/1/416543 Debian Security Information: DSA-724 (Google Search) http://www.debian.org/security/2005/dsa-724 Debian Security Information: DSA-897 (Google Search) http://www.debian.org/security/2005/dsa-897 Debian Security Information: DSA-898 (Google Search) http://www.debian.org/security/2005/dsa-898 Debian Security Information: DSA-899 (Google Search) http://www.debian.org/security/2005/dsa-899 http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118 http://secunia.com/advisories/14690/ http://secunia.com/advisories/17616 http://secunia.com/advisories/17643 XForce ISS Database: phpsysinfo-sensor-program-xss(19807) https://exchange.xforce.ibmcloud.com/vulnerabilities/19807 Common Vulnerability Exposure (CVE) ID: CVE-2005-3347 BugTraq ID: 15396 http://www.securityfocus.com/bid/15396 http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml http://www.hardened-php.net/advisory_212005.81.html http://secunia.com/advisories/17441 http://secunia.com/advisories/17570 http://secunia.com/advisories/17584 http://secunia.com/advisories/17620 http://secunia.com/advisories/17698 XForce ISS Database: phpsysinfo-registerglobal-data-manipulation(23107) https://exchange.xforce.ibmcloud.com/vulnerabilities/23107 Common Vulnerability Exposure (CVE) ID: CVE-2005-3348
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.