Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57125
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0567
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0567.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the register_globals setting.
register_globals is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)

A flaw was found in the PHP IMAP MIME header decoding function. An
attacker could craft a message with an overly long header which caused
PHP to crash. (CVE-2002-2214)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0567.html
http://www.php.net/register_globals
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-2214
http://www.redhat.com/support/errata/RHSA-2006-0567.html
http://secunia.com/advisories/21202
Common Vulnerability Exposure (CVE) ID: CVE-2006-1494
BugTraq ID: 17439
http://www.securityfocus.com/bid/17439
Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/447866/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196
RedHat Security Advisories: RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://www.redhat.com/support/errata/RHSA-2006-0568.html
http://securitytracker.com/id?1015881
http://secunia.com/advisories/19599
http://secunia.com/advisories/19775
http://secunia.com/advisories/19979
http://secunia.com/advisories/21031
http://secunia.com/advisories/21125
http://secunia.com/advisories/21135
http://secunia.com/advisories/21252
http://secunia.com/advisories/21723
http://secunia.com/advisories/22225
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://securityreason.com/securityalert/677
http://securityreason.com/achievement_securityalert/36
SuSE Security Announcement: SUSE-SA:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
XForce ISS Database: php-tempnam-directory-traversal(25705)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25705
Common Vulnerability Exposure (CVE) ID: CVE-2006-3017
BugTraq ID: 17843
http://www.securityfocus.com/bid/17843
Bugtraq: 20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/442437/100/0/threaded
Debian Security Information: DSA-1206 (Google Search)
http://www.debian.org/security/2006/dsa-1206
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.osvdb.org/25255
http://www.osvdb.org/26466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
http://securitytracker.com/id?1016306
http://securitytracker.com/id?1016649
http://secunia.com/advisories/19927
http://secunia.com/advisories/21050
http://secunia.com/advisories/22713
SuSE Security Announcement: SUSE-SA:2006:031 (Google Search)
http://www.novell.com/linux/security/advisories/2006_31_php.html
SuSE Security Announcement: SUSE-SA:2006:034 (Google Search)
http://www.novell.com/linux/security/advisories/2006_34_php4.html
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://usn.ubuntu.com/320-1/
XForce ISS Database: php-zendhashdel-unspecified(27396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.