Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN99-2 : php4 vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
php4 vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libapache2-mod-php4
- php4
- php4-cgi
- php4-curl
- php4-dev
- php4-domxml
- php4-gd
- php4-ldap
- php4-mcal
- php4-mhash
- php4-mysql
- php4-odbc
- php4-pear
- php4-recode
- php4-snmp
- php4-sybase
- php4-xslt


Description :

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts
to circumvent path restrictions by creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CVE-2004-1064). However, this caused severe regressions,
some applications like SquirrelMail and Gallery did not work any
more, and the package 'php4-pear' was empty. The current version
repairs this.

In addition this update fixes a crash of the PHP interpreter if
curl_init() was called with a non-string argument. Please note that
this is not security relevant since this condition usually cannot be
triggered externally.

Solution :

Upgrade to :
- libapache2-mod-php4-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-cgi-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-curl-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-dev-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-domxml-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-gd-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-ldap-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-mcal-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-mhash-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-mysql-4.3.8-3ubuntu7.6 (Ubuntu 4.10)
- php4-odbc-4.3.8-3
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.