Test ID:	1.3.6.1.4.1.25623.1.0.59532
Category:	Fedora Local Security Checks
Title:	Fedora Core 6 FEDORA-2007-503 (php)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php announced via advisory FEDORA-2007-503. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. Update Information: This update fixes a number of security issues in PHP. A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864) A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509) A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server. No mechanism to trigger this flaw remotely is known. (CVE-2007-2510) * Wed May 9 2007 Joe Orton 5.1.6-3.6.fc6 - add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016) - add README.FastCGI to -cli subpackage (#236555) Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-503 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1864 1018024 http://www.securitytracker.com/id?1018024 2007-0017 http://www.trustix.org/errata/2007/0017/ 23813 http://www.securityfocus.com/bid/23813 25187 http://secunia.com/advisories/25187 25191 http://secunia.com/advisories/25191 25255 http://secunia.com/advisories/25255 25445 http://secunia.com/advisories/25445 25660 http://secunia.com/advisories/25660 25938 http://secunia.com/advisories/25938 25945 http://secunia.com/advisories/25945 26048 http://secunia.com/advisories/26048 26102 http://secunia.com/advisories/26102 27377 http://secunia.com/advisories/27377 34674 http://osvdb.org/34674 ADV-2007-2187 http://www.vupen.com/english/advisories/2007/2187 DSA-1330 http://www.debian.org/security/2007/dsa-1330 DSA-1331 http://www.debian.org/security/2007/dsa-1331 GLSA-200705-19 http://security.gentoo.org/glsa/glsa-200705-19.xml MDKSA-2007:102 http://www.mandriva.com/security/advisories?name=MDKSA-2007:102 MDKSA-2007:103 http://www.mandriva.com/security/advisories?name=MDKSA-2007:103 RHSA-2007:0348 https://rhn.redhat.com/errata/RHSA-2007-0348.html RHSA-2007:0349 http://www.redhat.com/support/errata/RHSA-2007-0349.html RHSA-2007:0355 http://www.redhat.com/support/errata/RHSA-2007-0355.html SUSE-SA:2007:044 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html USN-485-1 http://www.ubuntu.com/usn/usn-485-1 http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php https://issues.rpath.com/browse/RPL-1693 oval:org.mitre.oval:def:11257 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11257 Common Vulnerability Exposure (CVE) ID: CVE-2007-2509 BugTraq ID: 23813 BugTraq ID: 23818 http://www.securityfocus.com/bid/23818 Bugtraq: 20070323 CRLF injection in PHP ftp function (Google Search) http://www.securityfocus.com/archive/1/463596/100/0/threaded Debian Security Information: DSA-1295 (Google Search) http://www.debian.org/security/2007/dsa-1295 Debian Security Information: DSA-1296 (Google Search) http://www.debian.org/security/2007/dsa-1296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839 RedHat Security Advisories: RHSA-2007:0348 http://www.redhat.com/support/errata/RHSA-2007-0888.html RedHat Security Advisories: RHSA-2007:0889 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://www.securitytracker.com/id?1018022 http://secunia.com/advisories/25318 http://secunia.com/advisories/25365 http://secunia.com/advisories/25372 http://secunia.com/advisories/26967 http://secunia.com/advisories/27351 http://securityreason.com/securityalert/2672 SuSE Security Announcement: SUSE-SA:2007:044 (Google Search) http://www.ubuntu.com/usn/usn-462-1 XForce ISS Database: php-ftpputcmd-crlf-injection(34413) https://exchange.xforce.ibmcloud.com/vulnerabilities/34413 Common Vulnerability Exposure (CVE) ID: CVE-2007-2510 BugTraq ID: 24034 http://www.securityfocus.com/bid/24034 http://osvdb.org/34675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715 http://www.securitytracker.com/id?1018023
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.