This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been identified and fixed in php :
There is a programming error in the DES implementation used in crypt()
in ext/standard/crypt_freesec.c when handling input which contains
characters that can not be represented with 7-bit ASCII. When the
input contains characters with only the most significant bit set
(0x80), that character and all characters after it will be ignored
An integer overflow, leading to heap-based buffer overflow was found
in the way Phar extension of the PHP scripting language processed
certain fields by manipulating TAR files. A remote attacker could
provide a specially crafted TAR archive file, which once processed in
an PHP application using the Phar extension could lead to denial of
service (application crash), or, potentially arbitary code execution
with the privileges of the user running the application
The updated php packages have been upgraded to the 5.3.14 version
which is not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true