This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
Numerous vulnerabilities were discovered in the PHP scripting language
that are corrected with this update.
An integer overflow in the substr_compare() function allows
context-dependent attackers to read sensitive memory via a large value
in the length argument. This only affects PHP5 (CVE-2007-1375).
A stack-based buffer overflow in the zip:// URI wrapper in PECL ZIP
1.8.3 and earlier allowes remote attackers to execute arbitrary code
via a long zip:// URL. This only affects Corporate Server 4.0
A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter
could allow an attacker to inject arbitrary email headers via a
special email address. This only affects Mandriva Linux 2007.1
The mcrypt_create_iv() function calls php_rand_r() with an
uninitialized seed variable, thus always generating the same
initialization vector, which may allow an attacker to decrypt certain
data more easily because of the guessable encryption keys
The soap extension calls php_rand_r() with an uninitialized seec
variable, which has unknown impact and attack vectors; an issue
similar to that affecting mcrypt_create_iv(). This only affects PHP5
The substr_count() function allows attackers to obtain sensitive
information via unspecified vectors. This only affects PHP5
An infinite loop was found in the gd extension that could be used to
cause a denial of service if a script were forced to process certain
PNG images from untrusted sources (CVE-2007-2756).
An integer overflow flaw was found in the chunk_split() function that
ould possibly execute arbitrary code as the apache user if a remote
attacker was able to pass arbitrary data to the third argument of
A flaw in the PHP session cookie handling could allow an attacker to
create a cross-site cookie insertion attack if a victim followed an
untrusted carefully-crafted URL (CVE-2007-3799).
Various integer overflow flaws were discovered in the PHP gd extension
that could allow a remote attacker to execute arbitrary code as the
apache user (CVE-2007-3996).
A flaw in the wordwrap() frunction could result in a denial of ervice
if a remote attacker was able to pass arbitrary data to the function
A flaw in the money_format() function could result in an information
leak or denial of service if a remote attacker was able to pass
arbitrary data to this function; this situation would be unlikely
A bug in the PHP session cookie handling could allow an attacker to
stop a victim from viewing a vulnerable website if the victim first
visited a malicious website under the control of the attacker who was
able to use that page to set a cookie for the vulnerable website
Updated packages have been patched to prevent these issues. In
addition, PECL ZIP version 1.8.10 is being provided for Corporate
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Mandriva Local Security Checks
Nessus Plugin ID: 26107 (mandrake_MDKSA-2007-187.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now