Ubuntu Security Notice (C) 2007-2015 Canonical, Inc. / NASL script (C) 2007-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
A flaw was discovered in the FTP command handler in PHP. Commands were
not correctly filtered for control characters. An attacker could issue
arbitrary FTP commands using specially crafted arguments.
Ilia Alshanetsky discovered a buffer overflow in the SOAP request
handler in PHP. Remote attackers could send a specially crafted SOAP
request and execute arbitrary code with web server privileges.
Ilia Alshanetsky discovered a buffer overflow in the user filter
factory in PHP. A local attacker could create a specially crafted
script and execute arbitrary code with web server privileges.
Gregory Beaver discovered that the PEAR installer did not validate
installation paths. If a user were tricked into installing a malicious
PEAR package, an attacker could overwrite arbitrary files.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : false
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 28062 ()
Bugtraq ID: 238132381824034
CVE ID: CVE-2007-2509CVE-2007-2510CVE-2007-2511CVE-2007-2519
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.