Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:091: php Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the php package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:091 (php).
An integer overflow in the wordwrap() function could allow attackers
to execute arbitrary code via certain long arguments that cause a small
buffer to be allocated, triggering a heap-based buffer overflow.
The substr_compare() function in PHP 5.x and 4.4.2 could allow
attackers to cause a Denial of Service (memory access violation)
via an out-of-bounds offset argument (CVE-2006-1991).
The second vulnerability only affects Mandriva Linux 2006
versions shipped with older versions of PHP that do not contain the
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:091
Threat Level: High