Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
A flaw was discovered in the FTP command handler in PHP. Commands were
not correctly filtered for control characters. An attacker could issue
arbitrary FTP commands using specially crafted arguments.
Ilia Alshanetsky discovered a buffer overflow in the SOAP request
handler in PHP. Remote attackers could send a specially crafted SOAP
request and execute arbitrary code with web server privileges.
Ilia Alshanetsky discovered a buffer overflow in the user filter
factory in PHP. A local attacker could create a specially crafted
script and execute arbitrary code with web server privileges.
Gregory Beaver discovered that the PEAR installer did not validate
installation paths. If a user were tricked into installing a malicious
PEAR package, an attacker could overwrite arbitrary files.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2