This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch
The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5).
Various security problems have been fixed in the PHP script
language engine and its modules, versions 4 and 5.
The PHP4 updated packages were released on September 12, the PHP5
update packages were released on September 20.
The following security problems were fixed, with respective Mitre
- The CURL module lacked checks for control characters (CVE-2006-2563)
- A potential basedir evasion in the CURL module (CVE-2006-4483)
- basedir and safemode evasion in the IMAP module (CVE-2006-4481)
- str_repeat() contained an integer overflow (CVE-2006-4482)
- GIF LZWReadByte overflow in the GD extension (CVE-2006-4484)
- ext/wddx contained a buffer overflow
- memory_limit() lacked checks for integer overflows
- fixed memory overflow in foreach (CVE-2006-4482)
- a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020)
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now