Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-192-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, and -current to fix a security issue with the PEAR XML_RPC class
that allows a remote attacker to run arbitrary PHP code. Sites that
make use of this PHP library should upgrade to the new PHP package
right away, or may instead upgrade the XML_RPC PEAR class with the
following command: pear upgrade XML_RPC

See also :

http://www.nessus.org/u?52d09156

Solution :

Update the affected php package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Slackware Local Security Checks

Nessus Plugin ID: 18805 ()

Bugtraq ID:

CVE ID: CVE-2005-1921