Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-1126-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.840646
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1126-1)
Summary:	The remote host is missing an update for the 'php5' package(s) announced via the USN-1126-1 advisory.
Description:	Summary: The remote host is missing an update for the 'php5' package(s) announced via the USN-1126-1 advisory. Vulnerability Insight: Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. (CVE-2011-0441) Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072, CVE-2011-1144) Ben Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code. (CVE-2010-4697) Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti- aliasing steps in an argument to the imagepstext function. (CVE-2010-4698) It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. This issue is addressed in Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2006-7243) Maksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension (Intl) for ICU allow an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0420) Maksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service (NULL pointer dereference) via an empty ZIP archive. This issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and Ubuntu 11.04. (CVE-2011-0421) Luca Carettoni discovered that the PHP Exif extension performs an incorrect cast on 64bit platforms, which allows a remote attacker to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD). (CVE-2011-0708) Jose Carlos Norte discovered that an integer overflow in the PHP shmop extension could allow an attacker to cause a denial of service (crash) and possibly read sensitive memory function. (CVE-2011-1092) Felipe Pena discovered that a use-after-free vulnerability in the substr_replace function allows an attacker to cause a denial of service (memory corruption) or possibly execute arbitrary code. (CVE-2011-1148) Felipe Pena discovered multiple format string vulnerabilities in the PHP phar extension. These could allow an attacker to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code. This issue affected Ubuntu 10.04 ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php5' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-7243 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 44951 http://www.securityfocus.com/bid/44951 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://www.madirish.net/?article=436 http://openwall.com/lists/oss-security/2010/11/18/4 http://openwall.com/lists/oss-security/2010/11/18/5 http://openwall.com/lists/oss-security/2010/12/09/10 http://openwall.com/lists/oss-security/2010/12/09/11 http://openwall.com/lists/oss-security/2010/12/09/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html RedHat Security Advisories: RHSA-2013:1615 http://rhn.redhat.com/errata/RHSA-2013-1615.html RedHat Security Advisories: RHSA-2014:0311 http://rhn.redhat.com/errata/RHSA-2014-0311.html http://secunia.com/advisories/55078 Common Vulnerability Exposure (CVE) ID: CVE-2010-4697 BugTraq ID: 45952 http://www.securityfocus.com/bid/45952 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12528 XForce ISS Database: php-zendengine-code-execution(65310) https://exchange.xforce.ibmcloud.com/vulnerabilities/65310 Common Vulnerability Exposure (CVE) ID: CVE-2010-4698 BugTraq ID: 45338 http://www.securityfocus.com/bid/45338 http://seclists.org/fulldisclosure/2010/Dec/180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939 Common Vulnerability Exposure (CVE) ID: CVE-2011-0420 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 46429 http://www.securityfocus.com/bid/46429 Bugtraq: 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search) http://www.securityfocus.com/archive/1/516504/100/0/threaded Bugtraq: 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search) http://www.securityfocus.com/archive/1/516518/100/0/threaded CERT/CC vulnerability note: VU#210829 http://www.kb.cert.org/vuls/id/210829 Debian Security Information: DSA-2266 (Google Search) http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com/exploits/16182 http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 http://securityreason.com/securityalert/8087 http://securityreason.com/achievement_securityalert/94 XForce ISS Database: php-graphemeextract-dos(65437) https://exchange.xforce.ibmcloud.com/vulnerabilities/65437 Common Vulnerability Exposure (CVE) ID: CVE-2011-0421 BugTraq ID: 46354 http://www.securityfocus.com/bid/46354 Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search) http://www.securityfocus.com/archive/1/517065/100/0/threaded http://www.exploit-db.com/exploits/17004 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.mandriva.com/security/advisories?name=MDVSA-2011:099 http://secunia.com/advisories/43621 http://securityreason.com/securityalert/8146 http://securityreason.com/achievement_securityalert/96 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0744 http://www.vupen.com/english/advisories/2011/0764 http://www.vupen.com/english/advisories/2011/0890 XForce ISS Database: libzip-zipnamelocate-dos(66173) https://exchange.xforce.ibmcloud.com/vulnerabilities/66173 Common Vulnerability Exposure (CVE) ID: CVE-2011-0441 BugTraq ID: 46928 http://www.securityfocus.com/bid/46928 http://www.mandriva.com/security/advisories?name=MDVSA-2011:069 http://www.vupen.com/english/advisories/2011/0910 XForce ISS Database: php-php5common-file-deletion(66180) https://exchange.xforce.ibmcloud.com/vulnerabilities/66180 Common Vulnerability Exposure (CVE) ID: CVE-2011-0708 16261 http://www.exploit-db.com/exploits/16261/ 46365 http://www.securityfocus.com/bid/46365 8114 http://securityreason.com/securityalert/8114 ADV-2011-0744 ADV-2011-0764 ADV-2011-0890 APPLE-SA-2011-10-12-3 DSA-2266 FEDORA-2011-3614 FEDORA-2011-3636 FEDORA-2011-3666 HPSBOV02763 MDVSA-2011:052 MDVSA-2011:053 RHSA-2011:1423 http://www.redhat.com/support/errata/RHSA-2011-1423.html RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html SSRT100826 [oss-security] 20110214 PHP Exif 64bit Casting Vulnerability, CVE request http://openwall.com/lists/oss-security/2011/02/14/1 [oss-security] 20110216 Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request http://openwall.com/lists/oss-security/2011/02/16/7 http://bugs.php.net/bug.php?id=54002 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc?view=revision&revision=308316 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2011.php http://www.php.net/releases/5_3_6.php https://bugzilla.redhat.com/show_bug.cgi?id=680972 Common Vulnerability Exposure (CVE) ID: CVE-2011-1072 43533 http://secunia.com/advisories/43533 46605 http://www.securityfocus.com/bid/46605 MDVSA-2011:187 http://www.mandriva.com/security/advisories?name=MDVSA-2011:187 RHSA-2011:1741 http://www.redhat.com/support/errata/RHSA-2011-1741.html [oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/02/28/3 [oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/02/28/12 http://openwall.com/lists/oss-security/2011/02/28/5 [oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/03/01/4 http://openwall.com/lists/oss-security/2011/03/01/5 http://openwall.com/lists/oss-security/2011/03/01/7 http://openwall.com/lists/oss-security/2011/03/01/8 http://openwall.com/lists/oss-security/2011/03/01/9 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164 http://news.php.net/php.pear.cvs/61264 http://pear.php.net/advisory-20110228.txt http://pear.php.net/bugs/bug.php?id=18056 http://security-tracker.debian.org/tracker/CVE-2011-1072 http://svn.php.net/viewvc?view=revision&revision=308687 pear-pear-installer-symlink(65721) https://exchange.xforce.ibmcloud.com/vulnerabilities/65721 Common Vulnerability Exposure (CVE) ID: CVE-2011-1092 16966 http://www.exploit-db.com/exploits/16966 46786 http://www.securityfocus.com/bid/46786 8130 http://securityreason.com/securityalert/8130 [oss-security] 20110308 CVE request, php's shm http://www.openwall.com/lists/oss-security/2011/03/08/9 [oss-security] 20110308 Re: CVE request, php's shm http://www.openwall.com/lists/oss-security/2011/03/08/11 http://bugs.php.net/bug.php?id=54193 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 https://bugzilla.redhat.com/show_bug.cgi?id=683183 php-shmopread-overflow(65988) https://exchange.xforce.ibmcloud.com/vulnerabilities/65988 Common Vulnerability Exposure (CVE) ID: CVE-2011-1144 XForce ISS Database: pear-package-symlink(65911) https://exchange.xforce.ibmcloud.com/vulnerabilities/65911 Common Vulnerability Exposure (CVE) ID: CVE-2011-1148 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 46843 http://www.securityfocus.com/bid/46843 BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://openwall.com/lists/oss-security/2011/03/13/2 http://openwall.com/lists/oss-security/2011/03/13/3 http://openwall.com/lists/oss-security/2011/03/13/9 XForce ISS Database: php-substrreplace-code-exec(66080) https://exchange.xforce.ibmcloud.com/vulnerabilities/66080 Common Vulnerability Exposure (CVE) ID: CVE-2011-1153 43744 http://secunia.com/advisories/43744 46854 http://www.securityfocus.com/bid/46854 [oss-security] 20110314 CVE request: format-string vulnerability in PHP Phar extension http://openwall.com/lists/oss-security/2011/03/14/13 [oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension http://openwall.com/lists/oss-security/2011/03/14/14 http://openwall.com/lists/oss-security/2011/03/14/24 http://bugs.php.net/bug.php?id=54247 http://svn.php.net/viewvc?view=revision&revision=309221 https://bugzilla.redhat.com/show_bug.cgi?id=688378 php-pharobject-format-string(66079) https://exchange.xforce.ibmcloud.com/vulnerabilities/66079 Common Vulnerability Exposure (CVE) ID: CVE-2011-1464 Common Vulnerability Exposure (CVE) ID: CVE-2011-1466 BugTraq ID: 46967 http://www.securityfocus.com/bid/46967 RedHat Security Advisories: RHSA-2012:0071 http://secunia.com/advisories/48668 SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1467 BugTraq ID: 46968 http://www.securityfocus.com/bid/46968 Common Vulnerability Exposure (CVE) ID: CVE-2011-1468 BugTraq ID: 46977 http://www.securityfocus.com/bid/46977 Common Vulnerability Exposure (CVE) ID: CVE-2011-1469 BugTraq ID: 46970 http://www.securityfocus.com/bid/46970 Common Vulnerability Exposure (CVE) ID: CVE-2011-1470 BugTraq ID: 46969 http://www.securityfocus.com/bid/46969 Common Vulnerability Exposure (CVE) ID: CVE-2011-1471 BugTraq ID: 46975 http://www.securityfocus.com/bid/46975
Copyright	Copyright (C) 2011 Greenbone AG