SUSE-SA:2006:052: php4,php5

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5).

Various security problems have been fixed in the PHP script
language engine and its modules, versions 4 and 5.

The PHP4 updated packages were released on September 12; the PHP5
update packages were released on September 20.

The following security problems were fixed, with respective Mitre
- The CURL module lacked checks for control characters (CVE-2006-2563)
- A potential basedir evasion in the CURL module (CVE-2006-4483)
- basedir and safemode evasion in the IMAP module (CVE-2006-4481)
- str_repeat() contained an integer overflow (CVE-2006-4482)
- GIF LZWReadByte overflow in the GD extension (CVE-2006-4484)
- ext/wddx contained a buffer overflow
- memory_limit() lacked checks for integer overflows
- fixed memory overflow in foreach (CVE-2006-4482)
- a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020)

Solution :

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 24430

Bugtraq ID:

