This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities was discovered and corrected in php :
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key
with the NULL byte. NOTE: this might only be a vulnerability in
limited circumstances in which the attacker can modify or add database
entries but does not have permissions to truncate the file
The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).
Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
attack vectors related to missing sanity checks around exif
Unspecified vulnerability in the imagecolortransparent function in PHP
before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.
This update provides a solution to these vulnerabilities.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 41639 (mandriva_MDVSA-2009-247.nasl)
Bugtraq ID: 36449
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now