This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Fedora host is missing one or more security updates.
Update to PHP 5.2.9.

A heap-based buffer overflow flaw was found in PHP's mbstring
extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP
interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-5557)

A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could
allow an attacker to write arbitrary files anywhere the PHP process
has write permissions. (CVE-2008-5658)

A buffer overflow flaw was found in PHP's imageloadfont function. If a
PHP script allowed a remote attacker to load a carefully crafted font
file, it could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-3658)

A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values
as the 'background color' argument of the function could, possibly,
view portions of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had 'display_errors' enabled,
a remote attacker able to set a specially crafted cookie on a victim's
system could possibly inject arbitrary HTML into an error message
generated by PHP. (CVE-2008-5814)

A flaw was found in the handling of the 'mbstring.func_overload'
configuration setting. A value set for one virtual host, or in a
user's .htaccess file, was incorrectly applied to other virtual hosts
on the same server, causing the handling of multibyte character
strings to not work correctly. (CVE-2009-0754)

A flaw was found in PHP's json_decode function. A remote attacker
could use this flaw to create a specially crafted string which could
cause the PHP interpreter to crash while being decoded in a PHP
script. (CVE-2009-1271)

A flaw was found in the use of the uw-imap library by the PHP 'imap'
extension. This could cause the PHP interpreter to crash if the 'imap'
extension was used to read specially crafted mail messages with long
headers. (CVE-2008-2829)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected maniadrive and / or php packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Family: Fedora Local Security Checks
Nessus Plugin ID: 38956 (fedora_2009-3768.nasl)