This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200410-04
(PHP: Memory disclosure and arbitrary location file upload)
Stefano Di Paola discovered two bugs in PHP. The first is a parse error in
php_variables.c that could allow a remote attacker to view the contents of
the target machine's memory. Additionally, an array processing error in the
SAPI_POST_HANDLER_FUNC() function inside rfc1867.c could lead to the
$_FILES array being overwritten.
A remote attacker could exploit the first vulnerability to view memory
contents. On a server with a script that provides file uploads, an attacker
could exploit the second vulnerability to upload files to an arbitrary
location. On systems where the HTTP server is allowed to write in a
HTTP-accessible location, this could lead to remote execution of arbitrary
commands with the rights of the HTTP server.
There is no known workaround at this time.
See also :
All PHP, mod_php and php-cgi users should upgrade to the latest stable
# emerge sync
# emerge -pv '>=dev-php/php-4.3.9'
# emerge '>=dev-php/php-4.3.9'
# emerge -pv '>=dev-php/mod_php-4.3.9'
# emerge '>=dev-php/mod_php-4.3.9'
# emerge -pv '>=dev-php/php-cgi-4.3.9'
# emerge '>=dev-php/php-cgi-4.3.9'
Risk factor :
Family: Gentoo Local Security Checks
Nessus Plugin ID: 15429 (gentoo_GLSA-200410-04.nasl)