Family: Fedora Local Security Checks --> Category: infos
Fedora Core 6 2006-1169: php Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the php package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2006-1169 (php).
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module which adds support for the PHP
language to Apache HTTP Server.
This update fixes a security vulnerability in PHP.
The Hardened-PHP Project discovered an overflow in the PHP
htmlentities() and htmlspecialchars() routines. If a PHP
script used the vulnerable functions to parse UTF-8 data, a
remote attacker sending a carefully crafted request could
trigger the overflow and potentially execute arbitrary code
as the 'apache' user. (CVE-2006-5465)
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.