This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.
Synopsis :
The remote SuSE system is missing the security patch php5-3745
Description :
The following issues have been fixed in PHP, which were
spotted by the MOPB project or fixed in PHP 5.2.3 release:
- missing open_basedir and safe_mode restriction
(CVE-2007-3007)
- chunk_split() integer overflow (CVE-2007-2872)
- DoS condition in libgd's image processing (CVE-2007-2756)
- possible super-global overwrite inside
import_request_variables() (CVE-2007-1396)
- buffer overflow inside user_filter_factory_create()
(CVE-2007-2511)
- remotely trigger-able buffer overflow inside bundled
libxmlrpc (CVE-2007-1864)
- CRLF injection inside ftp_putcmd() (CVE-2007-2509)
- remotely trigger-able buffer overflow inside
make_http_soap_request() (CVE-2007-2510)
- MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer
Overflow Vulnerability (CVE-2007-0906)
- MOPB-03-2007: deep recursion DoS (CVE-2007-1285)
Solution :
Install the php5-3745 security patch by using 'yast', for example.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Family: SuSE Local Security Checks
Nessus Plugin ID: 27391 ()
CVE ID: CVE-2007-3007
CVE-2007-2872
CVE-2007-2756
CVE-2007-1396
CVE-2007-2511
CVE-2007-1864
CVE-2007-2509
CVE-2007-2510
CVE-2007-0906
CVE-2007-1285