This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200804-19
(PHP Toolkit: Data disclosure and Denial of Service)
Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph
reported that php-select does not quote parameters passed to the 'tr'
command, which could convert the '-D PHP5' argument in the
'APACHE2_OPTS' setting in the file /etc/conf.d/apache2 to lower case.
An attacker could entice a system administrator to run 'emerge
php' or call 'php-select -t apache2 php5' directly in a
directory containing a lower case single-character named file, which
would prevent Apache from loading mod_php and thereby disclose PHP
source code and cause a Denial of Service.
Do not run 'emerge' or 'php-select' from a working directory which
contains a lower case single-character named file.
See also :
All PHP Toolkit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/php-toolkit-1.0.1'
Risk factor :
Low / CVSS Base Score : 3.6
Family: Gentoo Local Security Checks
Nessus Plugin ID: 32012 (gentoo_GLSA-200804-19.nasl)
CVE ID: CVE-2008-1734