Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56629
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0276
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0276.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe. An
attacker could use this flaw to disclose a certain part of the memory. In
order for this issue to be exploitable the target site would need to have a
PHP script which called the html_entity_decode() function with untrusted
input from the user and displayed the result. (CVE-2006-1490)

The error handling output was found to not properly escape HTML output in
certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled. (CVE-2006-0208)

An input validation error was found in the mb_send_mail() function. An
attacker could use this flaw to inject arbitrary headers in a mail sent via
a script calling the mb_send_mail() function where the To parameter can
be controlled by the attacker. (CVE-2005-3883)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. This issue only affected Red Hat Enterprise Linux 3.
(CVE-2005-2933).

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2933
BugTraq ID: 15009
http://www.securityfocus.com/bid/15009
CERT/CC vulnerability note: VU#933601
http://www.kb.cert.org/vuls/id/933601
Debian Security Information: DSA-861 (Google Search)
http://www.debian.org/security/2005/dsa-861
http://www.securityfocus.com/archive/1/430296/100/0/threaded
http://www.securityfocus.com/archive/1/430303/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true
http://www.mandriva.com/security/advisories?name=MDKSA-2005:189
http://www.mandriva.com/security/advisories?name=MDKSA-2005:194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858
http://www.redhat.com/support/errata/RHSA-2005-848.html
http://www.redhat.com/support/errata/RHSA-2005-850.html
RedHat Security Advisories: RHSA-2006:0276
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
RedHat Security Advisories: RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://securitytracker.com/id?1015000
http://secunia.com/advisories/17062/
http://secunia.com/advisories/17148
http://secunia.com/advisories/17152
http://secunia.com/advisories/17215
http://secunia.com/advisories/17276
http://secunia.com/advisories/17336
http://secunia.com/advisories/17483
http://secunia.com/advisories/17928
http://secunia.com/advisories/17930
http://secunia.com/advisories/17950
http://secunia.com/advisories/18554
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
SGI Security Advisory: 20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI Security Advisory: 20060501-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161
http://securityreason.com/securityalert/47
SuSE Security Announcement: SUSE-SR:2005:023 (Google Search)
http://www.novell.com/linux/security/advisories/2005_23_sr.html
http://www.vupen.com/english/advisories/2006/2685
XForce ISS Database: uw-imap-mailbox-name-bo(22518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22518
Common Vulnerability Exposure (CVE) ID: CVE-2005-3883
BugTraq ID: 15571
http://www.securityfocus.com/bid/15571
http://www.mandriva.com/security/advisories?name=MDKSA-2005:238
http://bugs.php.net/bug.php?id=35307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332
http://securitytracker.com/id?1015296
http://secunia.com/advisories/17763
http://secunia.com/advisories/18054
http://secunia.com/advisories/18198
SuSE Security Announcement: SUSE-SA:2005:069 (Google Search)
http://www.securityfocus.com/archive/1/419504/100/0/threaded
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.ubuntu.com/usn/usn-232-1/
XForce ISS Database: php-mbsendmail-header-injection(23270)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23270
Common Vulnerability Exposure (CVE) ID: CVE-2006-0208
BugTraq ID: 16803
http://www.securityfocus.com/bid/16803
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
http://secunia.com/advisories/18431
http://secunia.com/advisories/18697
http://secunia.com/advisories/19012
http://secunia.com/advisories/19179
http://secunia.com/advisories/19355
SuSE Security Announcement: SUSE-SR:2006:004 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
https://usn.ubuntu.com/261-1/
http://www.vupen.com/english/advisories/2006/0177
http://www.vupen.com/english/advisories/2006/0369
Common Vulnerability Exposure (CVE) ID: CVE-2006-0996
BugTraq ID: 17362
http://www.securityfocus.com/bid/17362
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://www.osvdb.org/24484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997
http://securitytracker.com/id?1015879
http://secunia.com/advisories/19599
http://secunia.com/advisories/19775
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/21125
http://securityreason.com/securityalert/675
http://securityreason.com/achievement_securityalert/34
SuSE Security Announcement: SUSE-SA:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
XForce ISS Database: php-phpinfo-long-array-xss(25702)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
Common Vulnerability Exposure (CVE) ID: CVE-2006-1490
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 17296
http://www.securityfocus.com/bid/17296
Bugtraq: 20060328 Critical PHP bug - act ASAP if you are running web with sensitive data (Google Search)
http://www.securityfocus.com/archive/1/429164/100/0/threaded
Bugtraq: 20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data (Google Search)
http://www.securityfocus.com/archive/1/429162/100/0/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084
http://secunia.com/advisories/19383
http://secunia.com/advisories/19499
http://secunia.com/advisories/19570
http://secunia.com/advisories/23155
http://www.trustix.org/errata/2006/0020
http://www.vupen.com/english/advisories/2006/1149
http://www.vupen.com/english/advisories/2006/4750
XForce ISS Database: php-htmlentitydecode-information-disclosure(25508)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25508
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.