This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A heap buffer overflow flaw was found in the xmlrpc extension for PHP.
A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the
pure-PHP XML_RPC class provided via PEAR (CVE-2007-1864).

A flaw was found in the ftp extension for PHP. A script using this
extension to provide access to a private FTP server and which passed
untrusted script input directly to any function provided by this
extension could allow a remote attacker to send arbitrary FTP commands
to the server (CVE-2007-2509).

A buffer overflow flaw was found in the soap extension for PHP in the
handling of an HTTP redirect response when using the SOAP client
provided by the extension with an untrusted SOAP server

A buffer overflow in the user_filter_factory_create() function has
unknown impact and local attack vectors (CVE-2007-2511).

Updated packages have been patched to prevent these issues.
Update the affected packages.
Risk factor: High
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Public Exploit Available: false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 25212 (mandrake_MDKSA-2007-102.nasl)