SUSE-SA:2005:069: php4,php5

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:069 (php4,php5).


Updated PHP packages fix the following security issues:

- Stefan Esser found out that a bug in parse_str() could lead to
activation of register_globals (CVE-2005-3389) and additionally
that file uploads could overwrite $GLOBALS (CVE-2005-3390)

- Bugs in the exif code could lead to a crash (CVE-2005-3353)

- Missing safe_mode checks in image processing code and cURL
functions allowed to bypass safe_mode and open_basedir
(CVE-2005-3391)

- Information leakage via the virtual() function (CVE-2005-3392)

- Missing input sanitation in the mb_send_mail() function
potentially allowed to inject arbitrary mail headers
(CVE-2005-3883)

The previous security update for php caused crashes when mod_rewrite
was used. The updated packages fix that problem as well.

Solution :

http://www.suse.de/security/advisories/2005_14_sa.html

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 20335 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now