Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN171-1 : php4 vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
php4 vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libapache-mod-php4
- libapache2-mod-php4
- php4
- php4-cgi
- php4-cli
- php4-common
- php4-curl
- php4-dev
- php4-domxml
- php4-gd
- php4-imap
- php4-ldap
- php4-mcal
- php4-mhash
- php4-mysql
- php4-odbc
- php4-pear
- php4-recode
- php4-snmp
- php4-sybase
- php4-universe-common
- php4-xslt


Description :

CVE-2005-1751:

The php4-dev package ships a copy of the "shtool" utility in
/usr/lib/php4/build/, which provides useful functionality for
developers of software packages. Eric Romang discovered that shtool
created temporary files in an insecure manner. This could allow
a symlink attack to create or overwrite arbitrary files with the
rights of the user invoking the shtool program.

CVE-1005-1759:

The creation of temporary files in shtool was also vulnerable to a
race condition which allowed a local user to read the contents of the
temporary file. However, this file does not usually contain sensitive
information since shtool is usually used for building software
packages.

CVE-2005-2498:

Stefan Esser discovered another remote code execution vulnerability in
the XMLRPC module of the PEAR (PHP Extension and Application
Repository) extension of PHP. By sending specially crafted XMLRPC
requests to an affected web server, a remote attacker could exploit
this to execute arbitr
[...]

Solution :

Upgrade to :
- libapache-mod-php4-4.3.10-10ubuntu3.4 (Ubuntu 5.04)
- libapache2-mod-php4-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-cgi-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-cli-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-common-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-curl-4.3.10-10ubuntu3.4 (Ubuntu 5.04)
- php4-dev-4.3.10-10ubuntu4.1 (Ubuntu 5.04)
- php4-domxml-4.3.10-10ubuntu3.4 (Ubuntu 5.04)
- php4-gd-4.3.10-10ubuntu3.4 (Ubuntu 5.04)
- php4-imap-4.3.10-10ubuntu3.4 (Ub
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.