This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5
do not check for the safe_mode and open_basedir settings, which allows
local users to bypass the settings (CVE-2006-4481).
Buffer overflow in the LWZReadByte function in
ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5
allows remote attackers to have an unknown impact via a GIF file with
input_code_size greater than MAX_LWZ_BITS, which triggers an overflow
when initializing the table array (CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.
Updated packages have been patched to correct these issues.
Update the affected packages.
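The GD issue above (CVE-2006-4484) comes down to a GIF's code size byte exceeding the bound of a fixed-size decoder table. The following C is an added example, not code from the plugin, from PHP or from libgd: it locates that byte in the first image of a GIF buffer and rejects the file when the value is greater than MAX_LWZ_BITS. The function names are hypothetical, and the value 12 for MAX_LWZ_BITS is an assumption taken from the GIF LZW code-length limit.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_LWZ_BITS 12  /* assumed value; the advisory names only the constant */

/* Skip a chain of GIF data sub-blocks (length byte + data, ended by a 0 length).
   Returns the offset just past the terminator, or 0 if the buffer is truncated. */
static size_t skip_sub_blocks(const uint8_t *b, size_t len, size_t p)
{
    while (p < len) {
        uint8_t n = b[p++];
        if (n == 0) return p;
        if (len - p < n) return 0;
        p += n;
    }
    return 0;
}

/* Returns the code size byte of the first image in a GIF buffer,
   or -1 if the buffer is not a well-formed GIF up to that point. */
int gif_first_code_size(const uint8_t *b, size_t len)
{
    size_t p = 13;  /* 6-byte signature + 7-byte logical screen descriptor */
    if (len < 13 || b[0] != 'G' || b[1] != 'I' || b[2] != 'F') return -1;
    if (b[10] & 0x80) p += (size_t)3 << ((b[10] & 7) + 1);  /* global color table */
    while (p < len) {
        uint8_t tag = b[p++];
        if (tag == 0x21) {                 /* extension: label byte, then sub-blocks */
            if (p >= len) return -1;
            p = skip_sub_blocks(b, len, p + 1);
            if (p == 0) return -1;
        } else if (tag == 0x2C) {          /* image descriptor: 9 bytes, then code size */
            if (len - p < 10) return -1;
            uint8_t flags = b[p + 8];
            p += 9;
            if (flags & 0x80) p += (size_t)3 << ((flags & 7) + 1);  /* local color table */
            return p < len ? b[p] : -1;
        } else {
            return -1;                     /* trailer or unknown block before any image */
        }
    }
    return -1;
}

/* 1 = code size fits a (1 << MAX_LWZ_BITS) entry table, 0 = reject the file. */
int gif_code_size_ok(const uint8_t *b, size_t len)
{
    int cs = gif_first_code_size(b, len);
    return cs >= 0 && cs <= MAX_LWZ_BITS;
}
```

A pre-filter like this complements the package update on hosts that accept uploaded images; it inspects only the first image in the file.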
Risk factor: Critical
CVSS Base Score: 10.0
CVSS Temporal Score: 8.7
Public Exploit Available: false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 23906 (mandrake_MDKSA-2006-162.nasl)
Bugtraq ID: 19582