English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57176
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-320-1 (php5)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to php5
announced via advisory USN-320-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

For details on the security issues fixed, please visit the referenced
security advisories.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libapache2-mod-php4 4:4.3.10-10ubuntu4.5
php4-cgi 4:4.3.10-10ubuntu4.5
php4-cli 4:4.3.10-10ubuntu4.5

Ubuntu 5.10:
libapache2-mod-php5 5.0.5-2ubuntu1.3
php5-cgi 5.0.5-2ubuntu1.3
php5-cli 5.0.5-2ubuntu1.3
php5-curl 5.0.5-2ubuntu1.3

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.1
php5-cgi 5.1.2-1ubuntu3.1
php5-cli 5.1.2-1ubuntu3.1
php5-curl 5.1.2-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-320-1

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0996
BugTraq ID: 17362
http://www.securityfocus.com/bid/17362
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://www.osvdb.org/24484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997
RedHat Security Advisories: RHSA-2006:0276
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
RedHat Security Advisories: RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://securitytracker.com/id?1015879
http://secunia.com/advisories/19599
http://secunia.com/advisories/19775
http://secunia.com/advisories/19832
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21125
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
SGI Security Advisory: 20060501-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://securityreason.com/securityalert/675
http://securityreason.com/achievement_securityalert/34
SuSE Security Announcement: SUSE-SA:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
http://www.vupen.com/english/advisories/2006/2685
XForce ISS Database: php-phpinfo-long-array-xss(25702)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
Common Vulnerability Exposure (CVE) ID: CVE-2006-1490
17296
http://www.securityfocus.com/bid/17296
19383
http://secunia.com/advisories/19383
19499
http://secunia.com/advisories/19499
19570
http://secunia.com/advisories/19570
19832
19979
20052
2006-0020
http://www.trustix.org/errata/2006/0020
20060328 Critical PHP bug - act ASAP if you are running web with sensitive data
http://www.securityfocus.com/archive/1/429164/100/0/threaded
20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
http://www.securityfocus.com/archive/1/429162/100/0/threaded
20060501-01-U
20210
20951
21125
23155
http://secunia.com/advisories/23155
ADV-2006-1149
http://www.vupen.com/english/advisories/2006/1149
ADV-2006-2685
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
GLSA-200605-08
MDKSA-2006:063
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
RHSA-2006:0276
SUSE-SA:2006:024
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-320-1
http://bugs.gentoo.org/show_bug.cgi?id=127939
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
oval:org.mitre.oval:def:11084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084
php-htmlentitydecode-information-disclosure(25508)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25508
Common Vulnerability Exposure (CVE) ID: CVE-2006-1494
BugTraq ID: 17439
http://www.securityfocus.com/bid/17439
Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/447866/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196
http://www.redhat.com/support/errata/RHSA-2006-0567.html
http://www.redhat.com/support/errata/RHSA-2006-0568.html
http://securitytracker.com/id?1015881
http://secunia.com/advisories/21031
http://secunia.com/advisories/21135
http://secunia.com/advisories/21202
http://secunia.com/advisories/21723
http://secunia.com/advisories/22225
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://securityreason.com/securityalert/677
http://securityreason.com/achievement_securityalert/36
XForce ISS Database: php-tempnam-directory-traversal(25705)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25705
Common Vulnerability Exposure (CVE) ID: CVE-2006-1608
Bugtraq: 20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (Google Search)
http://www.securityfocus.com/archive/1/430461/100/0/threaded
Bugtraq: 20060718 new shell bypass safe mode (Google Search)
http://www.securityfocus.com/archive/1/440869/100/0/threaded
Bugtraq: 20060723 Re: new shell bypass safe mode (Google Search)
http://www.securityfocus.com/archive/1/441210/100/0/threaded
http://www.osvdb.org/24487
http://securitytracker.com/id?1015882
http://securityreason.com/securityalert/678
http://securityreason.com/achievement_securityalert/37
XForce ISS Database: php-copy-safemode-bypass(25706)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25706
Common Vulnerability Exposure (CVE) ID: CVE-2006-1990
1015979
http://securitytracker.com/id?1015979
19803
http://secunia.com/advisories/19803
20060701-01-U
20061005 rPSA-2006-0182-1 php php-mysql php-pgsql
20222
20269
http://secunia.com/advisories/20269
20676
http://secunia.com/advisories/20676
21031
21050
http://secunia.com/advisories/21050
21135
21252
21564
21723
22225
ADV-2006-1500
http://www.vupen.com/english/advisories/2006/1500
MDKSA-2006:091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:091
MDKSA-2006:122
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
RHSA-2006:0501
RHSA-2006:0549
RHSA-2006:0568
SUSE-SA:2006:031
http://www.novell.com/linux/security/advisories/2006_31_php.html
TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
https://issues.rpath.com/browse/RPL-683
oval:org.mitre.oval:def:9696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9696
php-wordwrap-string-bo(26001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26001
Common Vulnerability Exposure (CVE) ID: CVE-2006-1991
SuSE Security Announcement: SUSE-SA:2006:031 (Google Search)
XForce ISS Database: php-substrcompare-length-dos(26003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26003
Common Vulnerability Exposure (CVE) ID: CVE-2006-2563
BugTraq ID: 18116
http://www.securityfocus.com/bid/18116
http://securitytracker.com/id?1016175
http://secunia.com/advisories/20337
http://secunia.com/advisories/21847
http://secunia.com/advisories/22039
http://securityreason.com/securityalert/959
http://securityreason.com/achievement_securityalert/39
SuSE Security Announcement: SUSE-SA:2006:052 (Google Search)
http://www.novell.com/linux/security/advisories/2006_52_php.html
SuSE Security Announcement: SUSE-SR:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.vupen.com/english/advisories/2006/2055
XForce ISS Database: php-curl-safemode-bypass(26764)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26764
Common Vulnerability Exposure (CVE) ID: CVE-2006-2660
Bugtraq: 20060611 tempnam() Bypass unique file name PHP 5.1.4 (Google Search)
http://www.securityfocus.com/archive/1/436785/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html
http://securitytracker.com/id?1016271
http://securityreason.com/securityalert/1069
XForce ISS Database: php-tempnam-bypass(27049)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27049
Common Vulnerability Exposure (CVE) ID: CVE-2006-3011
BugTraq ID: 18645
http://www.securityfocus.com/bid/18645
http://www.osvdb.org/26827
http://securitytracker.com/id?1016377
http://secunia.com/advisories/20818
http://secunia.com/advisories/21546
http://securityreason.com/securityalert/1129
http://securityreason.com/achievement_securityalert/41
http://www.vupen.com/english/advisories/2006/2523
XForce ISS Database: php-errorlog-safe-mode-bypass(27414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27414
Common Vulnerability Exposure (CVE) ID: CVE-2006-3016
BugTraq ID: 17843
http://www.securityfocus.com/bid/17843
http://www.osvdb.org/25253
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
RedHat Security Advisories: RHSA-2006:0736
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://securitytracker.com/id?1016306
http://secunia.com/advisories/19927
http://secunia.com/advisories/22004
http://secunia.com/advisories/22069
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/23247
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
TurboLinux Advisory: TLSA-2006-38
Common Vulnerability Exposure (CVE) ID: CVE-2006-3018
http://www.osvdb.org/25254
Common Vulnerability Exposure (CVE) ID: CVE-2006-3017
Bugtraq: 20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/442437/100/0/threaded
Debian Security Information: DSA-1206 (Google Search)
http://www.debian.org/security/2006/dsa-1206
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.osvdb.org/25255
http://www.osvdb.org/26466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
http://securitytracker.com/id?1016649
http://secunia.com/advisories/22713
SuSE Security Announcement: SUSE-SA:2006:034 (Google Search)
http://www.novell.com/linux/security/advisories/2006_34_php4.html
https://usn.ubuntu.com/320-1/
XForce ISS Database: php-zendhashdel-unspecified(27396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.