Mandrake Linux Security Advisory : php (MDKSA-2004:068)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Stefan Esser discovered a remotely exploitable vulnerability in PHP
where a remote attacker could trigger a memory_limit request
termination in places where an interruption is unsafe. This could be
used to execute arbitrary code.

As well, Stefan Esser also found a vulnerability in the handling of
allowed tags within PHP's strip_tags() function. This could lead to a
number of XSS issues on sites that rely on strip_tags(); however, this
only seems to affect the Internet Explorer and Safari browsers.

The updated packages have been patched to correct the problem and all
users are encouraged to upgrade immediately.

See also :

http://www.nessus.org/u?83c215d0
http://www.nessus.org/u?9d4bce03

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14167 (mandrake_MDKSA-2004-068.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0594
CVE-2004-0595

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now