Test ID:	1.3.6.1.4.1.25623.1.0.61226
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:130 (php4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php4 announced via advisory MDVSA-2008:130. An integer overflow in the zip_read_entry() function in PHP prior to 4.4.5 allowed remote attackers to execute arbitrary code via a ZIP archive containing a certain type of entry that triggered a heap overflow (CVE-2007-1777). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The updated packages have been patched to correct these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:130 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1777 BugTraq ID: 23169 http://www.securityfocus.com/bid/23169 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 http://www.php-security.org/MOPB/MOPB-35-2007.html http://secunia.com/advisories/25025 http://secunia.com/advisories/25062 XForce ISS Database: php-zipreadentry-bo(33652) https://exchange.xforce.ibmcloud.com/vulnerabilities/33652 Common Vulnerability Exposure (CVE) ID: CVE-2008-2107 Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (Google Search) http://www.securityfocus.com/archive/1/491683/100/0/threaded Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html http://security.gentoo.org/glsa/glsa-200811-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 http://www.sektioneins.de/advisories/SE-2008-02.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://secunia.com/advisories/30757 http://secunia.com/advisories/30828 http://secunia.com/advisories/30967 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 http://secunia.com/advisories/32746 http://secunia.com/advisories/35003 http://securityreason.com/securityalert/3859 SuSE Security Announcement: SUSE-SR:2008:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://www.ubuntu.com/usn/usn-628-1 XForce ISS Database: php-generateseed-security-bypass(42284) https://exchange.xforce.ibmcloud.com/vulnerabilities/42284 XForce ISS Database: php-generateseed-weak-security(42226) https://exchange.xforce.ibmcloud.com/vulnerabilities/42226 Common Vulnerability Exposure (CVE) ID: CVE-2008-2108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.