Test ID:	1.3.6.1.4.1.25623.1.0.840366
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-882-1)
Summary:	The remote host is missing an update for the 'php5' package(s) announced via the USN-882-1 advisory.
Description:	Summary: The remote host is missing an update for the 'php5' package(s) announced via the USN-882-1 advisory. Vulnerability Insight: Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142) Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143) Affected Software/OS: 'php5' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2626 BugTraq ID: 36009 http://www.securityfocus.com/bid/36009 Debian Security Information: DSA-1940 (Google Search) http://www.debian.org/security/2009/dsa-1940 http://secunia.com/advisories/37482 http://securityreason.com/achievement_securityalert/65 Common Vulnerability Exposure (CVE) ID: CVE-2009-4142 1023372 http://securitytracker.com/id?1023372 37389 http://www.securityfocus.com/bid/37389 37821 http://secunia.com/advisories/37821 38648 http://secunia.com/advisories/38648 40262 http://secunia.com/advisories/40262 ADV-2009-3593 http://www.vupen.com/english/advisories/2009/3593 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2001 http://www.debian.org/security/2010/dsa-2001 HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 SSRT100152 http://bugs.php.net/bug.php?id=49785 http://support.apple.com/kb/HT4077 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_12.php oval:org.mitre.oval:def:10005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10005 oval:org.mitre.oval:def:7085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7085 Common Vulnerability Exposure (CVE) ID: CVE-2009-4143 37390 http://www.securityfocus.com/bid/37390 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 MDVSA-2010:045 http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 SSRT100219 oval:org.mitre.oval:def:7439 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.