This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200703-21
(PHP: Multiple vulnerabilities)
Several vulnerabilities were found in PHP by the Hardened-PHP Project
and other researchers. These vulnerabilities include a heap-based
buffer overflow in htmlentities() and htmlspecialchars() if called with
UTF-8 parameters, and an off-by-one error in str_ireplace(). Other
vulnerabilities were also found in the PHP4 branch, including possible
overflows, stack corruptions and a format string vulnerability in the
*print() functions on 64 bit systems.
Remote attackers might be able to exploit these issues in PHP
applications making use of the affected functions, potentially
resulting in the execution of arbitrary code, Denial of Service,
execution of scripted contents in the context of the affected site,
security bypass or information leak.
There is no known workaround at this time.
See also :
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose 'dev-lang/php'
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 24887 (gentoo_GLSA-200703-21.nasl)
Bugtraq ID: 20879224962250522765228052285122862
CVE ID: CVE-2006-5465CVE-2007-0906CVE-2007-0907CVE-2007-0908CVE-2007-0909CVE-2007-0910CVE-2007-0911CVE-2007-0988CVE-2007-1286CVE-2007-1375CVE-2007-1376CVE-2007-1380CVE-2007-1383
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.