This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200804-19
(PHP Toolkit: Data disclosure and Denial of Service)
Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph
reported that php-select does not quote parameters passed to the 'tr'
command, which could convert the '-D PHP5' argument in the
'APACHE2_OPTS' setting in the file /etc/conf.d/apache2 to lower case.
An attacker could entice a system administrator to run 'emerge
php' or call 'php-select -t apache2 php5' directly in a
directory containing a lower case single-character named file, which
would prevent Apache from loading mod_php and thereby disclose PHP
source code and cause a Denial of Service.
Do not run 'emerge' or 'php-select' from a working directory which
contains a lower case single-character named file.
See also :
All PHP Toolkit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/php-toolkit-1.0.1'
Risk factor :
Low / CVSS Base Score : 3.6
Family: Gentoo Local Security Checks
Nessus Plugin ID: 32012 (gentoo_GLSA-200804-19.nasl)
CVE ID: CVE-2008-1734
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.