English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69973
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2266-1)
Summary:The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2266-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2266-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code.

CVE-2010-2531

An information leak was found in the var_export() function.

CVE-2011-0421

The Zip module could crash.

CVE-2011-0708

An integer overflow was discovered in the Exif module.

CVE-2011-1466

An integer overflow was discovered in the Calendar module.

CVE-2011-1471

The Zip module was prone to denial of service through malformed archives.

CVE-2011-2202

Path names in form based file uploads (RFC 1867) were incorrectly validated.

This update also fixes two bugs, which are not treated as security issues, but fixed nonetheless, see README.Debian.security for details on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153).

For the oldstable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny12.

For the stable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze3.

For the unstable distribution (sid), these problems have been fixed in version 5.3.6-12.

We recommend that you upgrade your php5 packages.

Affected Software/OS:
'php5' package(s) on Debian 5, Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2531
42410
http://secunia.com/advisories/42410
ADV-2010-3081
http://www.vupen.com/english/advisories/2010/3081
APPLE-SA-2010-08-24-1
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
APPLE-SA-2010-11-10-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
DSA-2266
http://www.debian.org/security/2011/dsa-2266
HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
RHSA-2010:0919
http://www.redhat.com/support/errata/RHSA-2010-0919.html
SSRT100409
SSRT100826
SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
SUSE-SR:2010:018
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
[oss-security] 20100713 CVE request, php var_export
http://www.openwall.com/lists/oss-security/2010/07/13/1
[oss-security] 20100716 Re: Re: CVE request, php var_export
http://www.openwall.com/lists/oss-security/2010/07/16/3
http://support.apple.com/kb/HT4312
http://support.apple.com/kb/HT4435
http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
http://www.php.net/archive/2010.php#id2010-07-22-1
http://www.php.net/archive/2010.php#id2010-07-22-2
https://bugzilla.redhat.com/show_bug.cgi?id=617673
Common Vulnerability Exposure (CVE) ID: CVE-2011-0420
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46429
http://www.securityfocus.com/bid/46429
Bugtraq: 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516504/100/0/threaded
Bugtraq: 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516518/100/0/threaded
CERT/CC vulnerability note: VU#210829
http://www.kb.cert.org/vuls/id/210829
Debian Security Information: DSA-2266 (Google Search)
http://www.exploit-db.com/exploits/16182
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://securityreason.com/securityalert/8087
http://securityreason.com/achievement_securityalert/94
XForce ISS Database: php-graphemeextract-dos(65437)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437
Common Vulnerability Exposure (CVE) ID: CVE-2011-0421
BugTraq ID: 46354
http://www.securityfocus.com/bid/46354
Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search)
http://www.securityfocus.com/archive/1/517065/100/0/threaded
http://www.exploit-db.com/exploits/17004
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
HPdes Security Advisory: HPSBOV02763
HPdes Security Advisory: SSRT100826
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://secunia.com/advisories/43621
http://securityreason.com/securityalert/8146
http://securityreason.com/achievement_securityalert/96
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
XForce ISS Database: libzip-zipnamelocate-dos(66173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
Common Vulnerability Exposure (CVE) ID: CVE-2011-0708
16261
http://www.exploit-db.com/exploits/16261/
46365
http://www.securityfocus.com/bid/46365
8114
http://securityreason.com/securityalert/8114
ADV-2011-0744
ADV-2011-0764
ADV-2011-0890
APPLE-SA-2011-10-12-3
FEDORA-2011-3614
FEDORA-2011-3636
FEDORA-2011-3666
MDVSA-2011:052
MDVSA-2011:053
RHSA-2011:1423
http://www.redhat.com/support/errata/RHSA-2011-1423.html
RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
[oss-security] 20110214 PHP Exif 64bit Casting Vulnerability, CVE request
http://openwall.com/lists/oss-security/2011/02/14/1
[oss-security] 20110216 Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request
http://openwall.com/lists/oss-security/2011/02/16/7
http://bugs.php.net/bug.php?id=54002
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc?view=revision&revision=308316
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2011.php
http://www.php.net/releases/5_3_6.php
https://bugzilla.redhat.com/show_bug.cgi?id=680972
Common Vulnerability Exposure (CVE) ID: CVE-2011-1153
43744
http://secunia.com/advisories/43744
46854
http://www.securityfocus.com/bid/46854
[oss-security] 20110314 CVE request: format-string vulnerability in PHP Phar extension
http://openwall.com/lists/oss-security/2011/03/14/13
[oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension
http://openwall.com/lists/oss-security/2011/03/14/14
http://openwall.com/lists/oss-security/2011/03/14/24
http://bugs.php.net/bug.php?id=54247
http://svn.php.net/viewvc?view=revision&revision=309221
https://bugzilla.redhat.com/show_bug.cgi?id=688378
php-pharobject-format-string(66079)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66079
Common Vulnerability Exposure (CVE) ID: CVE-2011-1466
BugTraq ID: 46967
http://www.securityfocus.com/bid/46967
RedHat Security Advisories: RHSA-2012:0071
http://secunia.com/advisories/48668
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1471
BugTraq ID: 46975
http://www.securityfocus.com/bid/46975
Common Vulnerability Exposure (CVE) ID: CVE-2011-2202
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48259
http://www.securityfocus.com/bid/48259
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://pastebin.com/1edSuSVN
http://openwall.com/lists/oss-security/2011/06/12/5
http://openwall.com/lists/oss-security/2011/06/13/15
http://securitytracker.com/id?1025659
http://secunia.com/advisories/44874
XForce ISS Database: php-sapiposthandlerfunc-sec-bypass(67999)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.