Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71135
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2408-1 (php5)
Summary:The remote host is missing an update to php5;announced via advisory DSA 2408-1.
Description:Summary:
The remote host is missing an update to php5
announced via advisory DSA 2408-1.

Vulnerability Insight:
Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2011-1072

It was discoverd that insecure handling of temporary files in the PEAR
installer could lead to denial of service.

CVE-2011-4153

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.

CVE-2012-0781

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.

CVE-2012-0831

It was discovered that the magic_quotes_gpc setting could be disabled
remotely

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182
CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

Solution:
We recommend that you upgrade your php5 packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1072
BugTraq ID: 46605
http://www.securityfocus.com/bid/46605
http://www.mandriva.com/security/advisories?name=MDVSA-2011:187
http://openwall.com/lists/oss-security/2011/02/28/3
http://openwall.com/lists/oss-security/2011/02/28/12
http://openwall.com/lists/oss-security/2011/02/28/5
http://openwall.com/lists/oss-security/2011/03/01/4
http://openwall.com/lists/oss-security/2011/03/01/5
http://openwall.com/lists/oss-security/2011/03/01/7
http://openwall.com/lists/oss-security/2011/03/01/8
http://openwall.com/lists/oss-security/2011/03/01/9
http://www.redhat.com/support/errata/RHSA-2011-1741.html
http://secunia.com/advisories/43533
XForce ISS Database: pear-pear-installer-symlink(65721)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://www.exploit-db.com/exploits/18370/
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
http://cxsecurity.com/research/103
http://secunia.com/advisories/48668
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0781
Common Vulnerability Exposure (CVE) ID: CVE-2012-0788
Common Vulnerability Exposure (CVE) ID: CVE-2012-0831
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
BugTraq ID: 51954
http://www.securityfocus.com/bid/51954
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://secunia.com/advisories/55078
http://www.ubuntu.com/usn/USN-1358-1
XForce ISS Database: php-magicquotesgpc-sec-bypass(73125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73125
Common Vulnerability Exposure (CVE) ID: CVE-2010-4697
BugTraq ID: 45952
http://www.securityfocus.com/bid/45952
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12528
XForce ISS Database: php-zendengine-code-execution(65310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65310
Common Vulnerability Exposure (CVE) ID: CVE-2011-1092
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46786
http://www.securityfocus.com/bid/46786
http://www.exploit-db.com/exploits/16966
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.openwall.com/lists/oss-security/2011/03/08/9
http://www.openwall.com/lists/oss-security/2011/03/08/11
http://securityreason.com/securityalert/8130
http://www.vupen.com/english/advisories/2011/0744
XForce ISS Database: php-shmopread-overflow(65988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65988
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 46843
http://www.securityfocus.com/bid/46843
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://openwall.com/lists/oss-security/2011/03/13/2
http://openwall.com/lists/oss-security/2011/03/13/3
http://openwall.com/lists/oss-security/2011/03/13/9
http://www.redhat.com/support/errata/RHSA-2011-1423.html
XForce ISS Database: php-substrreplace-code-exec(66080)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66080
Common Vulnerability Exposure (CVE) ID: CVE-2011-1464
Common Vulnerability Exposure (CVE) ID: CVE-2011-1467
BugTraq ID: 46968
http://www.securityfocus.com/bid/46968
Common Vulnerability Exposure (CVE) ID: CVE-2011-1468
BugTraq ID: 46977
http://www.securityfocus.com/bid/46977
Common Vulnerability Exposure (CVE) ID: CVE-2011-1469
BugTraq ID: 46970
http://www.securityfocus.com/bid/46970
Common Vulnerability Exposure (CVE) ID: CVE-2011-1470
BugTraq ID: 46969
http://www.securityfocus.com/bid/46969
Common Vulnerability Exposure (CVE) ID: CVE-2011-1657
BugTraq ID: 49252
http://www.securityfocus.com/bid/49252
Bugtraq: 20110819 PHP 5.3.6 ZipArchive invalid use glob(3) (Google Search)
http://www.securityfocus.com/archive/1/519385/100/0/threaded
http://www.openwall.com/lists/oss-security/2011/07/01/8
http://www.openwall.com/lists/oss-security/2011/07/01/7
http://www.openwall.com/lists/oss-security/2011/07/01/6
http://securityreason.com/securityalert/8342
http://securityreason.com/achievement_securityalert/100
XForce ISS Database: php-ziparchiveaddglob-dos(69320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69320
Common Vulnerability Exposure (CVE) ID: CVE-2011-3182
BugTraq ID: 49249
http://www.securityfocus.com/bid/49249
http://marc.info/?l=full-disclosure&m=131373057621672&w=2
http://www.openwall.com/lists/oss-security/2011/08/22/9
http://securityreason.com/achievement_securityalert/101
XForce ISS Database: php-library-functions-dos(69430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69430
Common Vulnerability Exposure (CVE) ID: CVE-2011-3267
http://osvdb.org/74739
XForce ISS Database: php-errorlog-dos(69428)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69428
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.