Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN232-1 : php4, php5 vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
php4, php5 vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libapache-mod-php4
- libapache2-mod-php4
- libapache2-mod-php5
- php-pear
- php4
- php4-cgi
- php4-cli
- php4-common
- php4-curl
- php4-dev
- php4-domxml
- php4-gd
- php4-imap
- php4-ldap
- php4-mcal
- php4-mhash
- php4-mysql
- php4-odbc
- php4-pear
- php4-pgsql
- php4-recode
- php4-snmp
- php4-sybase
- php4-universe-common
- php4-xslt
- php5
- php5-cgi
- php5-cli
- php5-common
- php5-curl
- php5-dev
- php5-gd
- php5-lda
[...]

Description :

Eric Romang discovered a local Denial of Service vulnerability in the
handling of the 'session.save_path' parameter in PHP's Apache 2.0
module. By setting this parameter to an invalid value in an .htaccess
file, a local user could crash the Apache server. (CVE-2005-3319)

A Denial of Service flaw was found in the EXIF module. By sending an
image with specially crafted EXIF data to a PHP program that
automatically evaluates it (e.g. a web gallery), a remote attacker
could cause an infinite recursion in the PHP interpreter, which caused
the web server to crash. (CVE-2005-3353)

Stefan Esser reported a Cross Site Scripting vulnerability in the
phpinfo() function. By tricking a user into retrieving a specially
crafted URL to a PHP page that exposes phpinfo(), a remote attacker
could inject arbitrary HTML or web script into the output page and
possibly steal private data like cookies or session identifiers.
(CVE-2005-3388)

Stefan Esser discovered a vulnerability of the parse_str() function
when it is calle
[...]

Solution :

Upgrade to :
- libapache-mod-php4-4.4.0-3ubuntu1 (Ubuntu 5.10)
- libapache2-mod-php4-4.4.0-3ubuntu1 (Ubuntu 5.10)
- libapache2-mod-php5-5.0.5-2ubuntu1.1 (Ubuntu 5.10)
- php-pear-5.0.5-2ubuntu1.1 (Ubuntu 5.10)
- php4-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-cgi-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-cli-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-common-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-curl-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-dev-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-domxml-4.4.0-3ubuntu1 (Ubuntu 5.10)
- php4-gd-4.4.0-3u
[...]


Threat Level: High



VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
