Test ID:	1.3.6.1.4.1.25623.1.0.70725
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2403-1)
Summary:	The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2403-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2403-1 advisory. Vulnerability Insight: Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. For the oldstable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny16. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7. For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1. We recommend that you upgrade your php5 packages. Affected Software/OS: 'php5' package(s) on Debian 5, Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0830 1026631 http://securitytracker.com/id?1026631 47801 http://secunia.com/advisories/47801 47806 http://secunia.com/advisories/47806 47813 http://secunia.com/advisories/47813 48668 http://secunia.com/advisories/48668 51830 http://www.securityfocus.com/bid/51830 78819 http://www.osvdb.org/78819 APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html DSA-2403 http://www.debian.org/security/2012/dsa-2403 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 RHSA-2012:0092 http://rhn.redhat.com/errata/RHSA-2012-0092.html SSRT100856 SSRT100877 SUSE-SU-2012:0411 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/02/12 [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/03/1 http://support.apple.com/kb/HT5281 http://svn.php.net/viewvc?view=revision&revision=323007 http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html http://www.php.net/ChangeLog-5.php#5.3.10 https://gist.github.com/1725489 openSUSE-SU-2012:0426 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html php-phpregistervariableex-code-exec(72911) https://exchange.xforce.ibmcloud.com/vulnerabilities/72911
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.