Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2005:051 (php4,php5).
This update fixes the following security issues in the PHP scripting language.
- Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498).
The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.
- An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)
Please note:
Solution
http://www.suse.de/security/advisories/2005_51_php.html
Plugin Details
File Name: suse_SA_2005_051.nasl
Agent: unix
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list