Description:
The remote host is missing updates announced in advisory TSLSA-2006-0061.
mutt < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: A race condition in the safe_open function, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
- The mutt_adv_mktemp function does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-5297 and CVE-2006-5298 to these issues.
pam_ldap < TSL 3.0 > < TSL 2.2 >
- New upstream.
- SECURITY Fix: Steve Rigler has reported a security issue which can be exploited by malicious people to bypass certain security restrictions. The issue is caused by an error in the handling of PasswordPolicyResponse control messages when authenticating against an LDAP server. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed.
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5170 to this issue.
php < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Some vulnerabilities have been reported in PHP, caused by boundary errors within the htmlentities() and htmlspecialchars() functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause buffer overflows by passing specially crafted data to the affected application.
  The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-5465 to this issue.
- Added support for mcrypt, Bug #1956.
- Added support for pdo-sqlite, pdo-mysql and sqlite, Bug #1959.
- Included openssl support, Bug #1958.
- Added buildrequires expat-devel and fontconfig-devel, Bug #2011.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0061
Risk factor : High
CVSS Score: 7.5