This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Some vulnerabilities were discovered and corrected in php-5.3.1 :
- Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DoS via temporary file
- Added missing sanity checks around exif processing.
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se)
Additionally, some packages that required it have been rebuilt and are being provided as updates.
See also :
Update the affected packages.
Risk factor : High
CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 48158 (mandriva_MDVSA-2009-302.nasl)
Bugtraq ID: 37079