Test ID:	1.3.6.1.4.1.25623.1.0.71265
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: php
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: php CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0831 48668 http://secunia.com/advisories/48668 51954 http://www.securityfocus.com/bid/51954 55078 http://secunia.com/advisories/55078 APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html FEDORA-2012-6907 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html FEDORA-2012-6911 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html SUSE-SU-2012:0411 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SUSE-SU-2012:0472 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html USN-1358-1 http://www.ubuntu.com/usn/USN-1358-1 http://support.apple.com/kb/HT5501 http://svn.php.net/viewvc?view=revision&revision=323016 https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz openSUSE-SU-2012:0426 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html php-magicquotesgpc-sec-bypass(73125) https://exchange.xforce.ibmcloud.com/vulnerabilities/73125 Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.