English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59261
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2007:044 (php4,php5)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory SUSE-SA:2007:044.

The scripting language implementations PHP4 and PHP5 have been updated to
fix several security issues.

The updates have been released over the last weeks after they passed QA,
this summarizes this set of updates.

The following issues have been fixed:
- CVE-2007-3007: missing open_basedir and safe_mode restriction
in realpath
- CVE-2007-2872: chunk_split() integer overflow
- CVE-2007-2756: DoS condition in libgd's image processing
- CVE-2007-1396: possible super-global overwrite inside
import_request_variables()
- CVE-2007-2511: buffer overflow inside user_filter_factory_create()
- CVE-2007-1864: remotely trigger-able buffer overflow inside
bundled libxmlrpc
- CVE-2007-2509: CRLF injection inside ftp_putcmd()
- CVE-2007-2510: remotely trigger-able buffer overflow inside
make_http_soap_request()
- CVE-2007-0906 / MOPB-41-2007: PHP 5 sqlite_udf_decode_binary()
Buffer Overflow Vulnerability
- CVE-2007-1285 / MOPB-03-2007: fixed deep recursion DoS by limiting
the nesting level of input variables

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:044

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0906
BugTraq ID: 22496
http://www.securityfocus.com/bid/22496
Bugtraq: 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/461462/100/0/threaded
Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/466166/100/0/threaded
Debian Security Information: DSA-1264 (Google Search)
http://www.us.debian.org/security/2007/dsa-1264
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
http://www.osvdb.org/32776
http://osvdb.org/34706
http://osvdb.org/34707
http://osvdb.org/34708
http://osvdb.org/34709
http://osvdb.org/34710
http://osvdb.org/34711
http://osvdb.org/34712
http://osvdb.org/34713
http://osvdb.org/34714
http://osvdb.org/34715
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992
http://www.redhat.com/support/errata/RHSA-2007-0076.html
http://www.redhat.com/support/errata/RHSA-2007-0081.html
http://www.redhat.com/support/errata/RHSA-2007-0082.html
http://www.redhat.com/support/errata/RHSA-2007-0088.html
RedHat Security Advisories: RHSA-2007:0089
http://rhn.redhat.com/errata/RHSA-2007-0089.html
http://www.securitytracker.com/id?1017671
http://secunia.com/advisories/24089
http://secunia.com/advisories/24195
http://secunia.com/advisories/24217
http://secunia.com/advisories/24236
http://secunia.com/advisories/24248
http://secunia.com/advisories/24284
http://secunia.com/advisories/24295
http://secunia.com/advisories/24322
http://secunia.com/advisories/24419
http://secunia.com/advisories/24421
http://secunia.com/advisories/24432
http://secunia.com/advisories/24514
http://secunia.com/advisories/24606
http://secunia.com/advisories/24642
http://secunia.com/advisories/24945
http://secunia.com/advisories/26048
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
SuSE Security Announcement: SUSE-SA:2007:020 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
SuSE Security Announcement: SUSE-SA:2007:044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://www.trustix.org/errata/2007/0009/
http://www.ubuntu.com/usn/usn-424-1
http://www.ubuntu.com/usn/usn-424-2
http://www.vupen.com/english/advisories/2007/0546
Common Vulnerability Exposure (CVE) ID: CVE-2007-1285
BugTraq ID: 22764
http://www.securityfocus.com/bid/22764
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
http://www.php-security.org/MOPB/MOPB-03-2007.html
http://www.osvdb.org/32769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017
RedHat Security Advisories: RHSA-2007:0154
http://rhn.redhat.com/errata/RHSA-2007-0154.html
RedHat Security Advisories: RHSA-2007:0155
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
RedHat Security Advisories: RHSA-2007:0163
http://rhn.redhat.com/errata/RHSA-2007-0163.html
http://www.securitytracker.com/id?1017771
http://secunia.com/advisories/24909
http://secunia.com/advisories/24910
http://secunia.com/advisories/24924
http://secunia.com/advisories/24941
http://secunia.com/advisories/25445
http://secunia.com/advisories/26642
http://secunia.com/advisories/27864
http://secunia.com/advisories/28936
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
https://usn.ubuntu.com/549-1/
http://www.ubuntu.com/usn/usn-549-2
Common Vulnerability Exposure (CVE) ID: CVE-2007-1396
BugTraq ID: 22886
http://www.securityfocus.com/bid/22886
Bugtraq: 20070308 PHP import_request_variables() arbitrary variable overwrite (Google Search)
http://www.securityfocus.com/archive/1/462263/100/0/threaded
Bugtraq: 20070312 Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite (Google Search)
http://www.securityfocus.com/archive/1/462457/100/0/threaded
http://www.securityfocus.com/archive/1/462658/100/0/threaded
Bugtraq: 20070314 Re: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite (Google Search)
http://www.securityfocus.com/archive/1/462800/100/0/threaded
http://securityreason.com/securityalert/2406
Common Vulnerability Exposure (CVE) ID: CVE-2007-1864
1018024
http://www.securitytracker.com/id?1018024
2007-0017
http://www.trustix.org/errata/2007/0017/
23813
http://www.securityfocus.com/bid/23813
25187
http://secunia.com/advisories/25187
25191
http://secunia.com/advisories/25191
25255
http://secunia.com/advisories/25255
25445
25660
http://secunia.com/advisories/25660
25938
http://secunia.com/advisories/25938
25945
http://secunia.com/advisories/25945
26048
26102
http://secunia.com/advisories/26102
27377
http://secunia.com/advisories/27377
34674
http://osvdb.org/34674
ADV-2007-2187
http://www.vupen.com/english/advisories/2007/2187
DSA-1330
http://www.debian.org/security/2007/dsa-1330
DSA-1331
http://www.debian.org/security/2007/dsa-1331
GLSA-200705-19
MDKSA-2007:102
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
MDKSA-2007:103
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
RHSA-2007:0348
https://rhn.redhat.com/errata/RHSA-2007-0348.html
RHSA-2007:0349
http://www.redhat.com/support/errata/RHSA-2007-0349.html
RHSA-2007:0355
http://www.redhat.com/support/errata/RHSA-2007-0355.html
SUSE-SA:2007:044
USN-485-1
http://www.ubuntu.com/usn/usn-485-1
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
https://issues.rpath.com/browse/RPL-1693
oval:org.mitre.oval:def:11257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11257
Common Vulnerability Exposure (CVE) ID: CVE-2007-2509
BugTraq ID: 23813
BugTraq ID: 23818
http://www.securityfocus.com/bid/23818
Bugtraq: 20070323 CRLF injection in PHP ftp function (Google Search)
http://www.securityfocus.com/archive/1/463596/100/0/threaded
Debian Security Information: DSA-1295 (Google Search)
http://www.debian.org/security/2007/dsa-1295
Debian Security Information: DSA-1296 (Google Search)
http://www.debian.org/security/2007/dsa-1296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839
RedHat Security Advisories: RHSA-2007:0348
http://www.redhat.com/support/errata/RHSA-2007-0888.html
RedHat Security Advisories: RHSA-2007:0889
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.securitytracker.com/id?1018022
http://secunia.com/advisories/25318
http://secunia.com/advisories/25365
http://secunia.com/advisories/25372
http://secunia.com/advisories/26967
http://secunia.com/advisories/27351
http://securityreason.com/securityalert/2672
http://www.ubuntu.com/usn/usn-462-1
XForce ISS Database: php-ftpputcmd-crlf-injection(34413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34413
Common Vulnerability Exposure (CVE) ID: CVE-2007-2510
BugTraq ID: 24034
http://www.securityfocus.com/bid/24034
http://osvdb.org/34675
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715
http://www.securitytracker.com/id?1018023
Common Vulnerability Exposure (CVE) ID: CVE-2007-2511
http://osvdb.org/34676
Common Vulnerability Exposure (CVE) ID: CVE-2007-2756
BugTraq ID: 24089
http://www.securityfocus.com/bid/24089
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://www.mandriva.com/security/advisories?name=MDKSA-2007:122
http://www.mandriva.com/security/advisories?name=MDKSA-2007:123
http://www.mandriva.com/security/advisories?name=MDKSA-2007:124
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://osvdb.org/35788
http://osvdb.org/36643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779
http://www.redhat.com/support/errata/RHSA-2007-0890.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://www.securitytracker.com/id?1018187
http://secunia.com/advisories/25353
http://secunia.com/advisories/25362
http://secunia.com/advisories/25378
http://secunia.com/advisories/25535
http://secunia.com/advisories/25575
http://secunia.com/advisories/25590
http://secunia.com/advisories/25646
http://secunia.com/advisories/25657
http://secunia.com/advisories/25658
http://secunia.com/advisories/25787
http://secunia.com/advisories/25855
http://secunia.com/advisories/26231
http://secunia.com/advisories/26390
http://secunia.com/advisories/26871
http://secunia.com/advisories/26895
http://secunia.com/advisories/26930
http://secunia.com/advisories/27037
http://secunia.com/advisories/27102
http://secunia.com/advisories/27110
http://secunia.com/advisories/27545
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-473-1
http://www.vupen.com/english/advisories/2007/1904
http://www.vupen.com/english/advisories/2007/1905
http://www.vupen.com/english/advisories/2007/2016
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2007/3386
XForce ISS Database: gd-gdpngreaddata-dos(34420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34420
Common Vulnerability Exposure (CVE) ID: CVE-2007-2872
1018186
http://www.securitytracker.com/id?1018186
2007-0023
20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow
http://www.securityfocus.com/archive/1/470244/100/0/threaded
24261
http://www.securityfocus.com/bid/24261
25456
http://secunia.com/advisories/25456
25535
26231
26838
http://secunia.com/advisories/26838
26871
26895
26930
26967
27037
27102
27110
27351
27545
27864
28318
http://secunia.com/advisories/28318
28658
http://secunia.com/advisories/28658
28750
http://secunia.com/advisories/28750
28936
30040
http://secunia.com/advisories/30040
36083
http://osvdb.org/36083
ADV-2007-2061
http://www.vupen.com/english/advisories/2007/2061
ADV-2007-3386
ADV-2008-0059
http://www.vupen.com/english/advisories/2008/0059
ADV-2008-0398
http://www.vupen.com/english/advisories/2008/0398
FEDORA-2007-2215
FEDORA-2007-709
GLSA-200710-02
HPSBUX02262
HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPSBUX02332
http://www.securityfocus.com/archive/1/491693/100/0/threaded
MDKSA-2007:187
OpenPKG-SA-2007.020
RHSA-2007:0888
RHSA-2007:0889
RHSA-2007:0890
RHSA-2007:0891
SSA:2007-152-01
SSA:2008-045-03
SSRT071447
SSRT080010
SSRT080056
SUSE-SA:2008:004
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
USN-549-1
USN-549-2
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.php.net/ChangeLog-4.php
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_3.php
http://www.sec-consult.com/291.html
https://issues.rpath.com/browse/RPL-1702
https://launchpad.net/bugs/173043
oval:org.mitre.oval:def:9424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424
php-chunksplit-security-bypass(39398)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
Common Vulnerability Exposure (CVE) ID: CVE-2007-3007
BugTraq ID: 24259
http://www.securityfocus.com/bid/24259
http://osvdb.org/36084
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.