
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0338
The remote host is missing updates announced in
advisory RHSA-2009:0338.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or,
possibly, execute arbitrary code. (CVE-2008-5557)

A flaw was found in the handling of the mbstring.func_overload
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)

A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)

A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)

A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
background color argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in the way PHP reported errors for
invalid cookies. If the PHP interpreter had display_errors enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
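Because the fixes are backported, the installed PHP version string keeps its upstream number and cannot tell you whether this advisory has been applied; the RPM changelog can, since every php subpackage built from the same source RPM carries it. The shell script below is added here as an example and is not part of the advisory or of the test suite. It greps changelog text for the six CVE IDs listed above and reports any that are absent. The sample changelog embedded in it is constructed for illustration (the packager, dates and release numbers are not the real ones), and the live check assumes an RPM-based host where `rpm -q --changelog php` works.

```shell
#!/bin/sh
# Added example, not part of RHSA-2009:0338: verify that a Red Hat php
# package's changelog records the backported fixes from this advisory.

# The six CVE IDs fixed by RHSA-2009:0338, as listed in the advisory text.
RHSA_2009_0338_CVES="CVE-2008-3658 CVE-2008-3660 CVE-2008-5498 CVE-2008-5557 CVE-2008-5814 CVE-2009-0754"

# Constructed sample of what `rpm -q --changelog php` prints. Packager,
# dates and release numbers are illustrative, not the real changelog.
SAMPLE_CHANGELOG='* Thu Mar 12 2009 Example Packager <packager@example.com> 5.1.6-23.2
- add security fixes for CVE-2008-3658, CVE-2008-3660, CVE-2008-5498,
  CVE-2008-5557, CVE-2008-5814, CVE-2009-0754
* Tue Jan 15 2008 Example Packager <packager@example.com> 5.1.6-20
- add security fixes for CVE-2007-4887
'

# missing_cves CHANGELOG_TEXT CVE...
# Prints, one per line, each CVE ID that does not occur in the changelog text.
# The ID must be followed by a non-digit or end of line, so that a mention of
# a longer ID (e.g. CVE-2008-54980) does not count as a match for CVE-2008-5498.
missing_cves() {
    changelog="$1"
    shift
    for cve in "$@"; do
        if ! printf '%s\n' "$changelog" | grep -qE "${cve}"'([^0-9]|$)'; then
            printf '%s\n' "$cve"
        fi
    done
}

# check_installed [PACKAGE]
# Live check against the installed package (defaults to php). Returns 0 when
# all six IDs are present, 1 when some are missing, 2 when the check cannot run.
check_installed() {
    pkg="${1:-php}"
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; cannot check $pkg" >&2
        return 2
    fi
    changelog=$(rpm -q --changelog "$pkg" 2>/dev/null) || {
        echo "$pkg is not installed" >&2
        return 2
    }
    # $RHSA_2009_0338_CVES is deliberately unquoted: word splitting turns
    # the space-separated list into one argument per CVE ID.
    missing=$(missing_cves "$changelog" $RHSA_2009_0338_CVES)
    if [ -n "$missing" ]; then
        echo "$pkg changelog lacks fixes for:"
        echo "$missing"
        return 1
    fi
    echo "$pkg changelog records all RHSA-2009:0338 fixes"
    return 0
}

# Run the check over the constructed sample; it prints nothing because the
# sample entry lists all six IDs.
missing_cves "$SAMPLE_CHANGELOG" $RHSA_2009_0338_CVES
```

To audit a real host, source the script and call `check_installed php` (or `check_installed php-mbstring`, since the gd and mbstring fixes ship in those subpackages and all share the same changelog). A clean changelog still leaves the second half of the advisory to verify: the running httpd must have been restarted after the upgrade, otherwise the old, vulnerable PHP module is still loaded.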

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3658
BugTraq ID: 30649
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
Cert/CC Advisory: TA09-133A
Debian Security Information: DSA-1647
HPdes Security Advisory: HPSBTU02382
HPdes Security Advisory: HPSBUX02401
HPdes Security Advisory: HPSBUX02465
HPdes Security Advisory: SSRT080132
HPdes Security Advisory: SSRT090005
HPdes Security Advisory: SSRT090192
SuSE Security Announcement: SUSE-SR:2008:018
SuSE Security Announcement: SUSE-SR:2008:021
XForce ISS Database: php-imageloadfont-dos(44401)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3660
HPdes Security Advisory: HPSBUX02431
HPdes Security Advisory: SSRT090085
XForce ISS Database: php-curl-unspecified(44402)
Common Vulnerability Exposure (CVE) ID: CVE-2008-5498
BugTraq ID: 33002
SuSE Security Announcement: SUSE-SR:2009:008
XForce ISS Database: php-imagerotate-info-disclosure(47635)
Common Vulnerability Exposure (CVE) ID: CVE-2008-5557
BugTraq ID: 32948
Debian Security Information: DSA-1789
HPdes Security Advisory: HPSBMA02492
HPdes Security Advisory: SSRT100079
SuSE Security Announcement: SUSE-SR:2009:004
XForce ISS Database: php-multibyte-bo(47525)
Common Vulnerability Exposure (CVE) ID: CVE-2008-5814
HPdes Security Advisory: HPSBMA02426
HPdes Security Advisory: SSRT090053
XForce ISS Database: php-directives-xss(47496)
Common Vulnerability Exposure (CVE) ID: CVE-2009-0754
Copyright (c) 2009 E-Soft Inc.