Test ID:	1.3.6.1.4.1.25623.1.0.58451
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1330-1)
Summary:	The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-1330-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-1330-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1399 Stefan Esser discovered that a buffer overflow in the zip extension allows the execution of arbitrary code. CVE-2007-1864 It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code. The oldstable distribution (sarge) doesn't include php5. For the stable distribution (etch) these problems have been fixed in version 5.2.0-8+etch7. For the unstable distribution (sid) these problems have been fixed in version 5.2.2-1. We recommend that you upgrade your PHP packages. Packages for the littleendian Mips architecture are not yet available, due to problems on the build host. They will be provided later. Affected Software/OS: 'php5' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1399 BugTraq ID: 22883 http://www.securityfocus.com/bid/22883 Debian Security Information: DSA-1330 (Google Search) http://www.debian.org/security/2007/dsa-1330 http://www.php-security.org/MOPB/MOPB-16-2007.html http://www.osvdb.org/32782 http://secunia.com/advisories/24471 http://secunia.com/advisories/24514 http://secunia.com/advisories/25938 SuSE Security Announcement: SUSE-SA:2007:020 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://www.vupen.com/english/advisories/2007/0898 XForce ISS Database: pecl-url-wrapper-bo(32889) https://exchange.xforce.ibmcloud.com/vulnerabilities/32889 Common Vulnerability Exposure (CVE) ID: CVE-2007-1864 1018024 http://www.securitytracker.com/id?1018024 2007-0017 http://www.trustix.org/errata/2007/0017/ 23813 http://www.securityfocus.com/bid/23813 25187 http://secunia.com/advisories/25187 25191 http://secunia.com/advisories/25191 25255 http://secunia.com/advisories/25255 25445 http://secunia.com/advisories/25445 25660 http://secunia.com/advisories/25660 25938 25945 http://secunia.com/advisories/25945 26048 http://secunia.com/advisories/26048 26102 http://secunia.com/advisories/26102 27377 http://secunia.com/advisories/27377 34674 http://osvdb.org/34674 ADV-2007-2187 http://www.vupen.com/english/advisories/2007/2187 DSA-1330 DSA-1331 http://www.debian.org/security/2007/dsa-1331 GLSA-200705-19 http://security.gentoo.org/glsa/glsa-200705-19.xml MDKSA-2007:102 http://www.mandriva.com/security/advisories?name=MDKSA-2007:102 MDKSA-2007:103 http://www.mandriva.com/security/advisories?name=MDKSA-2007:103 RHSA-2007:0348 https://rhn.redhat.com/errata/RHSA-2007-0348.html RHSA-2007:0349 http://www.redhat.com/support/errata/RHSA-2007-0349.html RHSA-2007:0355 http://www.redhat.com/support/errata/RHSA-2007-0355.html SUSE-SA:2007:044 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html USN-485-1 http://www.ubuntu.com/usn/usn-485-1 http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php https://issues.rpath.com/browse/RPL-1693 oval:org.mitre.oval:def:11257 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11257
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.